By Rajat Bhargava Posted October 8, 2016
One of the recent enhancements to G Suite has been their focus on single sign-on with a few select applications via SAML. G Suite has leveraged OAuth authentication for years, but the most recent enhancement has been SSO via SAML.
Of course, this foray into SAML is directly competitive with our friends at Okta.
It seems that Google wants to leverage their G Suite directory to authenticate to more than just the G Suite applications. This is creating a situation where IT admins need to decide on which solution is a better fit – G Suite versus Okta.
Of course, that’s only for the web application layer – as IT admins think about centralizing their user management around G Suite identities, Directory-as-a-Service® becomes a very interesting part of the identity management picture.
G Suite Single Sign-On Takes Aim
G Suite, which was formerly known as Google Apps for Work, has a user directory. That user directory has historically just been for GApps services. A few years ago, Google added the ability for other third party sites to leverage the GApps user store for authentication. This happened over the OAuth protocol.
The idea was to make it easy for third party sites to leverage the credentials within GApps. It also made it easier for end users to sign up and leverage a web application or service. This approach was limited to the OAuth protocol and web applications or sites. The uptake wasn’t significant because not all of these sites wanted to count on Google for their users’ information (of which very little was passed to the website) and further, not all of their users had Google Apps!
As a result, Google decided to take their SSO strategy and move it one step further to include the SAML protocol. Google released integrations with about 15 to 20 web applications. While it was a first salvo into the SAML SSO market, Google clearly had designs on disrupting the progress that Okta has been making.
Okta Offers More Expansive Single Sign-On
Okta is the premier web application SSO provider in the market. With integrations with thousands of applications, Okta has done an incredible job of pioneering the web application SSO market and putting cloud identity management on the map.
Okta’s product is extremely deep and comprehensive when it comes to SSO and, as a result, the G Suite SSO approach looks quite weak in comparison. For those organizations that need a lightweight SSO solution, G Suite Single Sign-On will suffice. For those with deep, enterprise-class needs, Okta will be a better choice.
Achieving Single Sign-On Beyond Just Apps
Whatever the choice on the web application Single Sign-On side, there is a more significant issue that needs to be addressed. Neither G Suite Single Sign-On nor Okta SSO serves as the core identity provider for an organization.
IT admins cannot leverage G Suite identities to log in to laptops or desktops, AWS cloud servers, on-prem applications such as OpenVPN, or their WiFi networks.
What G Suite and Okta have created is a powerful way to federate identities to web applications, but to sign in to internal IT infrastructure, a core directory service is needed. That identity provider is now Directory-as-a-Service. As a cloud-hosted, SaaS-delivered directory service, it matches the model for both G Suite and Okta. It integrates with both platforms seamlessly and provides IT with a central, cloud directory.
If you are interested in figuring out whether G Suite SSO is better than Okta SSO, drop us a note. We’d be happy to help you think through the problem around Identity-as-a-Service. We also would encourage you to take a look at a cloud directory service. That may end up being even more important than an SSO solution for your centralized user management with G Suite.