Okta® Vs Centrify®

By Ryan Squires Posted August 16, 2019

Okta® vs Centrify® used to be a heavyweight fight in the identity and access management (IAM) space. But, with the changes at Centrify, it seems as though the two no longer heavily compete in that arena. With that said, let’s take a look at what makes this comparison useful today, even as Centrify has seemed to shift its focus. 

Okta and Single Sign-On

As you’re probably aware, Okta is a web application single sign-on (SSO) company, but what they do may also be referred to Identity-as-a-Service (IDaaS). Their goal is to ultimately enable their customers to access web applications through a browser plug-in or via a user customizable web portal. But, while Okta’s focus is ultimately on cloud-based web applications, Okta’s customers often rely on Microsoft® Active Directory® (AD) as their source of truth for user identities. Clearly, for organizations that want to have their infrastructure based in the cloud, having one foot on-prem and the other in the cloud may be considered less than ideal. So, what is Centrify all about?

Centrify—Linux® and Mac®

Centrify had a similar start in that they built their solution on top of AD. But, instead of facilitating access to web applications, they focused their attention on enabling access to macOS® and Linux® devices. Essentially, Centrify acted as an identity bridge to help IT admins manage Mac and Linux-based user identities using Active Directory. In fact, for a long time Centrify’s on-prem, enterprise-class system was the product of choice to extend AD identities to Mac and Linux devices. 

Web Applications

As the need to extend Active Directory-based identities to web applications started to rise to the top of the priority list, Okta became a much more popular solution. Of course, Centrify didn’t sit on their hands; they too created their own SSO solution. This move, in turn, resulted in the two companies being put in direct competition with one another. So while the individual focal point of each company started in different aspects of IAM, the rise of web applications ultimately cemented Okta’s Identity-as-a-Service (IDaaS) focus and provided an impetus for a shakeup at Centrify. 

As Okta gained ground in the (IDaaS) world, it seemed like Centrify started to struggle as they recently split the company in two—Centrify and Idaptive®. Centrify’s focus is with privileged access management (PAM) and Idaptive set its sights on the IDaaS market. All told, at this point it seems as though Centrify is back to its roots with Linux access management sans the interest in managing Mac devices (Centrify Express, their Mac solution, was recently discontinued). Their spin-off company, Idaptive, will take on Okta and other SSO providers. 

Okta vs Centrify and the IdP Question

In both cases, though, customers need to determine the best backing solution with regards to their core identity provider (IdP). For organizations that need to continue using Active Directory, but lack the ability to integrate Macs with it due to Centrify’s EOL, JumpCloud® has a feature that can step in. 

Called AD Sync, JumpCloud empowers IT organizations to continue using AD as the source of truth for their organization while enabling users to change their password and have it sync with Active Directory directly from their MacBook®—and vice versa. It’s a bi-directional sync. Users no longer have to file tickets for simple password resets and IT admins save time because their users can self-service their own password changes. Further, once that password is changed, it changes on all JumpCloud-managed resources. We call it True Single Sign-On, and ultimately, the value here lies in the ability to extend your existing IAM infrastructure to the tools you need now and in the future. 

For others who are ready to leave Active Directory behind, JumpCloud Directory-as-a-Service® can act as your core identity provider. Because it’s from the cloud, you no longer have to configure, maintain, or secure on-prem implementations like Active Directory, OpenLDAP™, or FreeRADIUS servers. Plus, you still get all the benefits of True Single Sign-On like one password for systems (Windows®, Mac, Linux), AWS®, G Suite™, and many more. 

Try JumpCloud Today

Whether you’re ready to leave Active Directory or not, the Okta vs Centrify debate has taken on a new angle as a result of Centrify’s split. That said, JumpCloud can help to streamline your IT operations and deliver value to your existing tools. If you’re ready to check Directory-as-a-Service out, sign up for a demo today and see how the platform can work in your unique environment. If you just want to get your hands dirty, sign up for a free account. Your first 10 users are free forever. 

Ryan Squires

Ryan Squires is a content writer at JumpCloud, a company dedicated to connecting users to the IT resources they need securely and efficiently. He has a degree in Journalism and Media Communication from Colorado State University.

Recent Posts