By Greg Keller Posted November 19, 2015
Identity management is a complex topic, one that is often confusing for IT organizations. There are numerous sub-segments to consider. One of the most commonly asked questions our team gets is about Directory-as-a-Service® (DaaS) and how it compares to web application Single Sign-on (SSO). More specifically, we’re asked how JumpCloud® compares to Okta®, which is one of the leading SSO providers on the market. Before we compare the two, we’ll make one thing clear: We have a number of customers who use both JumpCloud and Okta seamlessly. The two solutions are very much complementary to each other, similar to how OneLogin and JumpCloud are complementary.
Comparing Okta (SSO) to JumpCloud (DaaS)
In the identity management market, Single Sign-on (SSO) and Directory-as-a-Service (DaaS) are considered separate categories. Single sign-on solutions are leveraged on top of directory service solutions, since the core directory service is the authoritative source of the identity. A user’s credentials are federated to the SSO provider, Okta for example, which connects the user to a number of web applications. SSO providers like Okta are most commonly used to connect to web applications. Conversely, directory services are used to connect users to all their IT resources, including devices, applications, and networks.
In order to better understand the core differences between Okta (SSO) and JumpCloud (DaaS), here are five things to consider:
- Device Authentication – IT organizations need to manage device authentication, specifically, user access to particular devices. JumpCloud’s Directory-as-a-Service connects users to their laptops, desktops, and servers. IT admins have central control over who has access and can terminate access to devices whenever needed. JumpCloud’s DaaS handles the three major platforms: Windows®, Mac®, and Linux®. SSO solutions, such as Okta, do not handle device authentication.
- Device Management – Similar to how Microsoft® Active Directory® has managed Windows devices, JumpCloud’s Directory-as-a-Service helps manage Windows, Mac, and Linux devices. IT admins have full control over devices, including the ability to execute scripts, update applications, change files, and set security configurations. Full device management capabilities are an important part of providing the next generation directory service. SSO solutions like Okta connect users to their web applications. The device itself is largely superfluous for SSO providers. In short, Okta doesn’t provide any device management capabilities, but JumpCloud does.
- Legacy Application Authentication – LDAP-based applications are a core part of what users need to access. Since JumpCloud’s Directory-as-a-Service platform connects users to whatever they need, especially on-premises, DaaS enables legacy application authentication. Okta and other SSO providers have focused on the SAML protocol and, as a result, have largely skipped LDAP applications. To be fair, many LDAP-based applications are hosted on-premises or within private clouds, so the need for web application SSO is not as applicable.
- Web Applications – Perhaps the area of greatest distinction is that Okta and other SSO providers connect users to thousands of web applications. Virtually any web application with a business purpose can be accessed by Okta users. This is a powerful service when considering that more and more organizations are moving their applications to the cloud. JumpCloud’s Directory-as-a-Service enables access to a growing library of applications, including Google Apps (now called G Suite™). The intent of JumpCloud’s connection to web applications is to connect to core places where alternate directories live, rather than be an SSO provider. In fact, JumpCloud can integrate with Okta through the LDAP protocol.
- Infrastructure-as-a-Service (IaaS) – JumpCloud’s Directory-as-a-Service connects users to AWS®, Google Compute Engine, Azure®, and many other IaaS providers. Specifically, JumpCloud connects users to the actual servers. Okta connects users to the user management consoles of these IaaS providers, but Okta doesn’t authenticate users to the server infrastructure.
Verdict: JumpCloud and Okta are largely complementary and often used simultaneously at a number of companies. Most often Okta customers use JumpCloud as an alternative to Active Directory. This allows organizations to fully move their identity management infrastructure to the cloud.