Areas for improvement with Okta Workforce Identity would be in the governance place; for me, it is light. Okta is mostly focused on execution and runtime, which means maintaining authentication and ensuring people connect with the appropriate session. However, it could improve in the governance part, particularly regarding better role management and workflow, as I feel it is tedious on Okta. I think Okta could enhance the governance area of identity.

I believe that if we integrate the workflows section into the main Okta Workforce Identity dashboard, it can be very useful.

The drawback of this solution is that in our shops, many staff members sometimes have to be borrowed from one shop to another and the solution does not really support having multiple roles. The user experience we would like to have when a person works in shop A which pays their salary is that they should have access to pretty much everything. Maybe you have somebody who is a manager in that shop A, he should be able to order new wear, he should be able to change the pricing, he should be able to empty the cash registry, and ship it to the bank. But when for instance, in COVID, people had to fill in for people in shops where a lot of people were sick, then they had to actually use user accounts of people that work in shop B. If you were employed in shop A, you could not work in shop B without borrowing somebody else's user ID and password. Which is really bad. We haven't been able to work around that and Okta Workforce Identity does not have a solution for it.

We are now piloting their identity governance solution. Obviously, it's easy to give somebody access, give them an account, and give them roles, but it's hard to maintain that. For example, if you moved from, say working in a shop to working in a warehouse. But why do you still have all this shop access? The solution has until now not had anything to really support the process of taking away access. But now we are in a better release program of Okta's identity governance solution. Although it's very basic, the solution has started on a journey, but identity governance is something that Okta Workforce Identity really needs to improve.

The ability or the options in the solution for changing the look and feel are not good enough because in our partner portal, essentially what they have is an ugly admin interface. The admin interface is good enough for us technical people because that's all we need. We work with the product and we're able to see the data but when it comes to presenting the service portal, Okta Workforce Identity does not have any capabilities really for making it look pretty. 

To add branding and different graphical user interface elements than Okta basic for essentially delegated admin for the business-to-business portal is horrifying because you're essentially using the tech admin. The only option we had and used, was to take the tech admin console and strip it. so that a vendor that has some goods that are sold in the shops, when they want to add a user on their side, say a driver or a packer on their side who should know how much they've packed in a truck to come to our warehouse, then the user interface that this vendor is using, these functional people will then have to use an extremely basic user interface.

Okta should have at least a local presense for countries that align with or comply with GDPR or data sovereignty, so there are no compliance or audit questions. There are integration issues with Office 365; such as groups not updating correctly in Okta. Okta should work on resolving them.

The high cost of the product is an area of concern where improvements are required.

I would appreciate it if Okta Workforce Identity becomes more user-friendly. Its API technology is complicated. Certain applications may pose challenges in terms of integration, especially when they require IDP technologies that aren't easily codable. While I can't provide specific examples, some applications may not integrate with Okta Workforce Identity. 

There is a need for Okta to provide an end-to-end solution without needing a separate product like Zscaler for multifactor authentication. Additionally, Okta should enhance its endpoint defensive capabilities, as we currently use BeyondTrust for Elevator Access Management.

If Okta Workforce Identity has a strong integration with other OEM solutions and can leverage intelligence from those OEMs to enable automatic restricted access for users, it would be highly appreciated. For instance, if it can integrate with DLP and EDR solutions, and if the DLP detects suspicious user activities, it should automatically restrict access to sensitive applications or prompt for multi factor authentication.

The product is expensive compared to other tools.

The only area of concern in the solution stems from the fact that my company needs some help regarding the setup phase from a partner.

We had some implementation issues.

The solution's user interface needs to be improved and made easy. It has a lot of repetitive things. The solution should have a single pane of interface for admins.

Currently, it has two-factor authentication. In addition to biometrics, it should offer three-factor authentication. Also, the training is too costly. Okta could reduce the training cost to make it easier.

The stability could be better.

An area for potential improvement in Okta lies in the absence of a dedicated feature for backing up the configuration of our tenants. It is challenging to obtain a comprehensive backup. We have to manually document all the configurations. They could provide a built-in tool for creating backups mitigating potential issues or crises.

A room for improvement in Okta Workforce Identity is its price. It could be cheaper. The biggest benefit of the solution is that everything works securely without extra steps, so you're saving on your workforce's time and effort because your applications work smoothly and securely, but you'd need to pay some amount of money for that.

Another area that could be improved, though not necessarily regarding Okta Workforce Identity, is the SSO applications because so many of the source applications charge extra money to put the SSO to work, which means you have to buy a more expensive license. Nowadays, SSO is a mainstream functionality and it should be out-of-the-box in those applications because it's so easy to set up.

I use the tool at a low level, so it does what I need it to do for me.

The product does not offer enough integration capabilities. I want the tool to provide more integration capabilities in the future.

Okta Workforce Identity could improve provisioning it can be made simpler.

They are implementing in one of the newer releases certification, attestation, and some role-mining abilities, but I don't know how far along that's going to be. That's a statement that they said they are going to have in the future.

I'm not sure what areas need improvement. They are at the top in terms of identity management. I can't find any shortcomings. 

We don't need any additional features as it covers more than our needs. It's a massive tool. 

The solution is very expensive.

The error logging could be improved. Okta doesn't provide enough details when you are troubleshooting an issue. It's often difficult to fix it from our end, so we always need additional support from Okta.

I've been pleased with its capabilities overall. 

Support could be a bit faster.

It's not compatible with on-premises installations, unless you host it as a SaaS. We were not able to do that. For example, imagine a scenario where the cloud is not available. Then, Okta will not work for you. That use case will readily fail because it doesn't have an on-premises installation that you can use to authenticate or provide identity and access management. If you have a purely on-premises solution that is not connected to the internet, then this will not work. This is one area that can be improved.

I would also like to see more intelligent analysis of the identity and access management from Okta.

There are many things that Okta has to improve on. I understand that Okta has a lot of apps, like any other provider, e.g. Microsoft apps, IDP apps, or cloud identity apps.

The problem with Okta is that they create the app and they never update. In this fast-paced industry where versions keep getting updated, Okta is really slow at times.

None of the Okta applications that they create, for example, in my case: I have used the cloud identity of Microsoft apps and now I'm using the off tabs. What I found is none of the single Okta apps that we have worked and did not create an issue. They are not fully mature. So it's that aspect that can be improved, which Okta is investigating. Their application support and not having updates for those applications also need to be improved. These are the things that surprised me and I was not able to understand from Okta.

Okta's customer support should be improved.

Okta should work with certain providers, e.g. the Google cloud, the AWS cloud, the Microsoft cloud, and they should evaluate the integration point because what happens is if your organization has SSO which relies on Okta, all of these three clouds and the Okta app are far from perfect. You are not able to get the right setup based on how your security is trying to define it vs what the application can support. You'll end up using the default interface Okta provides with those apps.

I understand Okta could say that if they shouldn't worry about it because if AWS wanted to support Okta, then AWS should be the one providing us the app and support, but Okta should try to understand the users, do surveys from the different automation using Okta, and use different apps because those apps are very critical. They are far from perfect, so Okta has the worst implementation.

We are facing one issue with Cypress test cases. Whenever I write Cypress test cases, we encounter problems with logging in through Okta. There is no proper documentation on integrating test cases with Okta, and this issue is troubling whenever I try to implement it.

We faced some challenges during the Okta Identity Workforce deployment. Integrating with AWS and other cloud services posed some limitations with federated options. For instance, features like automatic user addition from AWS to the tool were missing, requiring manual intervention. The API is limited compared to the manual configuration possible through the UI.

I think Okta Workforce Identity could improve by making its API more robust, ensuring that all UI capabilities are exposed in the API. This is particularly important for integrating with other applications, such as AWS and other cloud providers.

Okta has a limitation with directory integrations. If you have multiple Active Directory integrations, the user distinguished name (DN) and the manager DN don't get imported properly into the Okta user profile. It has a property of Get AD user's property, but that has limitations when writing an expression language to import changes or updates to user DNs or manager DNs from AD, especially if you have AD master users.

Also, Okta doesn't have a partial push. It pushes down the full profile schema for lifecycle management or provisioning. Even if only one attribute gets updated, even though it is unmapped, it can override other values in the downstream application by nullifying the query. That's the biggest flaw in my experience.

The product releases a lot of brand-new features within the quarterly releases.

They should focus on providing top-notch team access management to companies.

We've not come across anything missing. It's under continual improvement. It is actually very good. We've not had any problems with Okta. I'd have to think hard to find anything that was badly implemented.

Okta Workforce Identity could improve the way passwords are reset and how it interfaces with Microsoft.

Okta Workforce Identity acquired Auth0 and they should have a solution with integration between the two.

The cost per user for this solution is really high and could be reduced. 

We have experienced some challenges in integrating this solution with Scope and Cognito. 

We experienced some technical glitches that need to be resolved. 

I go into further detail below in the 'stability' section.

The only aspect in which it can be improved is that the interface could be cleaner. I found this even when I was trying to do my certification exam because the certification is hands-on. You find yourself fumbling around a little bit to find simple things. This happens even when you start to get familiar with the product.

There are some issues with the interface that can be improved.

The guest user access could be improved. How do we authenticate people that aren't in our Active Directory?

In the next release, I would like to see passwordless access.

It is not very interesting from a marketing perspective. For this, you can use open source solutions to reflect different groups.

The integration with third-party tools needs to be improved. Mainly, the open-source APIs for Splunk would be helpful, as that is where they aggregate most of the data. If this process can be streamlined then it will definitely help.

With the device applications, when you are checking the logs, you can't hide the device and that's a feature that's missing. I'd like to see MDM source added. 

• Passwordless authentication. 
• Integration with the user provisioning infrastructure to track all entitlement changes; simplify the modeling of the role and access definitions at every stage of the user life cycle.  
• Automation of the entire entitlement and role review process, in alignment with business needs and requirements as stated by business leaders and managers. 
• Oversight in the form of dashboards reconciling and centralizing information for immediate insight into the status of access reviews and certification processes.

The product's connector framework needs improvement. There should be automated aggregation and complete classification processes included in it.

The solution's pricing needs improvement.

The solution’s policies are difficult to understand due to the policy methods. They use authentication. The solution’s workflow is also difficult and not very active. They need to have proper documentation on it. In the next release, I would like to see the workflows being more digestible.

My concern is that I live in an emerging country. In my country, there's a lot of stealing of mobile phones, and mobile phones are the authentication device through the Okta application. If someone should steal my mobile phone, which is very common in my country, he or she might have access to my company account. That's my concern. I don't know if there's another way of doing the authentification. Maybe if you can have a dedicated device for using Okta, it might be better, or if there were other options for authentication.

I would like to have a version of this software for personal use, for my personal accounts. 

This user integration with the Okta integration network could be simplified.

I do not see much room for improvement. I have not encountered any issues with the solution, though it may be worth checking this with the technical team involved in its implementation. 

This said, it is scalable for midsize companies and infrastructure but, owing to the regulations we have in place in Egypt, not every enterprise-sized company. This means the solution did not comply with everything in the financial sector, such as with our central bank. As such, one who is working in the financial sector must resort to another solution or, at the least, another one in addition to Okta Workforce Identity. 

The solution should have greater on-premises availability, not just cloud and more package customization in its processing. 

The solution needs to improve its own marketing. It's a great solution, however, most people don't know what it does. It should be first in line for onboarding employees. 

The solution should continue to work to improve its interface and make it more user-friendly.

The initial setup can be complex at first.

The lifecycle management part can be improved. It should also have identity governance and the ability to choose a specific factor authentication at the application level.

Its licensing and pricing can also be improved.

The pricing could be improved. Right now, it's a bit expensive. They should work to make it more affordable.

In general, the solution isn't really missing any features. It's rather complete. I can't recall anything that would need to be added into future updates.

API Securities Solution

They also have single sign-on (SSO). When we bought Okta Workforce Identity a year and a half ago, I was also looking at SSO, but not much documentation was available for SSO. The documentation for SSO should be a little more robust for somebody who is implementing it for the first time. 

It would be pricing, which is a tough one because it goes against Microsoft. A lot of companies say they're a Microsoft partner, and they get all their software for free.

Okta is like a luxury product, and it's not the most affordable one. I would say if they could work on pricing, it would help. Other than that, they've done great strides in developing a product that is really good. The companies that do see the value tend to invest in it.

Command line access

Reporting

The solution lacks an on-premises deployment model so it can't offer a hybrid solution. It would be ideal if clients had options that weren't just cloud-based.

Better multi-factor authentication integration and support, it's around v2.0 and will need a 3.0 release for maturity.

On the admin side, we can create our own passwords instead of generating one, which is usually difficult to explain to a user. Otherwise, the application is pretty awesome.

RESTful Web Service calls and their response seem a bit slow.

Maybe the interface could use some work but, for the most part, the tool is pretty cool.

We still had to write several internal programs/scripts to complete the user-provisioning process. Okta does not have the ability to provision mailbox accounts for on-premise Exchange or in a hybrid O365 environment. The Group Push function from Okta to AD did not work reliably in our environment.

UD attribute mapping, Okta group rules, and dynamic usage could use improvement. More in-depth functionality and features to integrate with RADIUS solutions.

I would like to see further integrations with applications and services such as Office 365.

• A couple of improvements with the lifecycle management that will help companies that don't have an HRIS system to help manage contractors and contingent workers would be to add ways to disable their accounts once a certain time point is designated.
• Also, an improvement to the reporting capabilities can make running reports easier and more customizable.

Okta Workforce Identity can improve by having more features in governance.

It's my personal opinion, but it was a classic UI and now the UI is different. I was used to the old UI and when I moved from the old to new, I found it a bit difficult.

Okta can consider to become also a password vaulting manager. We also didn't find an option to setup access to web services that require second factor authentication. Also it's hard to figure out which license is responsible for which features and how are they correlated.

They could provide collaboration with Microsoft for conditional access and other features. They could work on reducing bugs as well.

In some setup cases, there are issues with attributes not going in properly. We've also had some problems with the firewall causing the data center to slow down.

Okta could improve by making their learning materials more user-friendly. They could also enhance the flexibility of their MFA feature, allowing clients to implement preferred MFA methods without restrictions.