The cloud-based identity and access management (IAM) space is crowded with vendors—including IBM and Okta—who all make similar claims. As key features like single sign-on (SSO) and multifactor authentication (MFA) become standard, organizations need more from IAM solutions such as IBM Verify and Okta Identity Cloud. They need the ability to scale and modernize to support their zero-trust initiatives and to protect their internal and external users, assets and data in a hybrid cloud world.
See how IBM Verify extends IDaaS modernization
Capability
IBM
OKTA
Single sign-on
Federated single sign-on to cloud, on-prem and mobile apps with pre-built connectors for common SaaS apps
Protection of legacy on-prem apps from the cloud
Lightweight, containerized reverse proxy to protect apps traditionally junctioned behind reverse proxies without the complexity—at no additional cost
Adaptive access
Some degree of contextual risk detection across location, device and IP address parameters easily tied to access policies
Ready-to-use advanced risk-based authentication insights such as behavioral biometrics
Continuous authentication for mobile web and native apps
Identity analytics
Holistic view of identity lifecycle risk, including decision support in the form of risk scores for users, applications and entitlements; accompanied by recommended mitigation actions powered by machine learning
Consent management
Storing user consent as an attribute
No-code workflows included to define and create data access purposes for users’ sensitive data
Customizable consent determination rules based on purpose and geographic conditions
Lifecycle management
Universal cloud directory with bidirectional mastering from any number of third-party identity providers
Several strategies for user provisioning and lifecycle management to extend existing investments, including Active Directory and LDAP agents with attribute-level mastering, JIT and SCIM provisioning, and API-based provisioning
Password reset self-service, access request workflows, and delegated administration to line-of-business managers
Automated, periodic access recertification campaigns for any app with customizable scope for users, groups and account types
Passwordless authentication
Wide array of MFA methods, including SMS, email, voice and time-based one-time passwords, mobile push and biometrics
Ability to apply adaptive MFA broadly across cloud and on-prem apps, VPN, Linux SSH and remote desktop protocol (RDP)
QR code and FIDO2 passwordless authentication
General
Support for both workforce and consumer IAM use cases from one solution
Ready-to-use integrations with commonly used social authentication providers such as Google, LinkedIn and Apple
Built-in reporting to diagnose authentication events
Developer resources to support embedding identity functions into custom apps
Cloud-native service with multi-region coverage, scalability and high availability to support data residency and redundancy requirements
SAML 2.0 and OIDC support
SOC 2 Type II, PCI DSS, ISO 27001, ISO 27017, and ISO 27018 certifications