Buyer's Guide
Single Sign-On (SSO)
November 2022
Get our free report covering Microsoft, Okta, Fortinet, and other competitors of Thales SafeNet Trusted Access. Updated: November 2022.
656,862 professionals have used our research since 2012.

Read reviews of Thales SafeNet Trusted Access alternatives and competitors

Tor Nordhagen - PeerSpot reviewer
Executive Director at Semaphore
Real User
Top 5
Extremely easy to work with, simple to set up, and reasonably priced
Pros and Cons
  • "First of all, the solution is very simple."
  • "The ability or the options in the solution for changing the look and feel are not good enough because in our partner portal, essentially what they have is an ugly admin interface."

What is our primary use case?

I work for one of Norway's largest employers with 50,000 employees. This is Norway's largest retail chain and we use it for 30,000 workers in retail, 15,000 in warehousing, and 5,000 in the corporate environment. For all of these, onboarding is automated to the HR and we have an old CA, which is now called the Broadcom Identity Management Solution for provisioning into Okta Workforce Identity. In this solution, we take those 50,000 identities and we've now built a B2B portal so that vendors, producers of the stuff that is sold in these retail chains, can log on and do things like plan their shipments, have the accounting done, et cetera, et cetera. So there are about maybe 20,000 people, a total of 70,000 people in this identity space. Last but not least, is the PAM solution. So we have maybe 300 IT staff on shore and we have maybe 600 offshore. I haven't done the latest count, but around 1000 IT workers authenticate through Okta Workforce Identity but are then given access to the PAM solution because the PAM solution protects both our cloud environment and our on-prem environment. We use the cloud to get into the on-prem.

What is most valuable?

First of all, the solution is very simple. It's actually made for smaller companies. So working with it, I wouldn't say that anyone could do it, but everything can be expressed as groups and rules. 

What needs improvement?

The drawback of this solution is that in our shops, many staff members sometimes have to be borrowed from one shop to another and the solution does not really support having multiple roles. The user experience we would like to have when a person works in shop A which pays their salary is that they should have access to pretty much everything. Maybe you have somebody who is a manager in that shop A, he should be able to order new wear, he should be able to change the pricing, he should be able to empty the cash registry, and ship it to the bank. But when for instance, in COVID, people had to fill in for people in shops where a lot of people were sick, then they had to actually use user accounts of people that work in shop B. If you were employed in shop A, you could not work in shop B without borrowing somebody else's user ID and password. Which is really bad. We haven't been able to work around that and Okta Workforce Identity does not have a solution for it.

We are now piloting their identity governance solution. Obviously, it's easy to give somebody access, give them an account, and give them roles, but it's hard to maintain that. For example, if you moved from, say working in a shop to working in a warehouse. But why do you still have all this shop access? The solution has until now not had anything to really support the process of taking away access. But now we are in a better release program of Okta's identity governance solution. Although it's very basic, the solution has started on a journey, but identity governance is something that Okta Workforce Identity really needs to improve.

The ability or the options in the solution for changing the look and feel are not good enough because in our partner portal, essentially what they have is an ugly admin interface. The admin interface is good enough for us technical people because that's all we need. We work with the product and we're able to see the data but when it comes to presenting the service portal, Okta Workforce Identity does not have any capabilities really for making it look pretty. 

To add branding and different graphical user interface elements than Okta basic for essentially delegated admin for the business-to-business portal is horrifying because you're essentially using the tech admin. The only option we had and used, was to take the tech admin console and strip it. so that a vendor that has some goods that are sold in the shops, when they want to add a user on their side, say a driver or a packer on their side who should know how much they've packed in a truck to come to our warehouse, then the user interface that this vendor is using, these functional people will then have to use an extremely basic user interface.

For how long have I used the solution?

I have been using the solution for three years.

What do I think about the stability of the solution?

The stability is fantastic and has never been down. I give the stability a ten out of ten.

What do I think about the scalability of the solution?

The solution's cloud environment seems to be highly scalable. We haven't found any bottlenecks there. The only bottlenecks we found are within our own infrastructure.

How are customer service and support?

The customer support guy for Okta in Europe, a relationship manager, used to be a friend of mine when I lived in Sydney, Australia. He worked for Sun Microsystems systems back then. Sun Microsystems was the best product in the IT industry. Now Okta Workforce Identity is the best in the identity industry. The solution is not perfect because it's meant to be high volume, simple functionality, and all the basics first. The point is they're now adding functionality and this is where the EMEA lead, he's been in this industry for 20 years just like me. And he's so good. The team that he has, again, the tech team that they have is fabulous. The tech team is on par with maybe the absolutely best tech team that I've ever experienced with CyberArk, but the Okta guys are brilliant.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previous to using Okta Workforce Identity we used Oracle Access Manager and it was horrible. Oracle Access Manager didn't scale, it had a lot of bugs, and it was expensive. Oracle was charging obscene license fees for a product that was rubbish.

How was the initial setup?

The initial setup is very easy. Building a new environment is easy because nobody is better than Okta Workforce Identity when it comes to deployment. I give the setup a ten out of ten for ease.

What about the implementation team?

The implementation was completed in-house by our two engineers.

What was our ROI?

I give the solution an eight out of ten for return on investment. I would not give the solution a ten because our brand is hurting a little bit by having these non-customizable external interfaces. 

What's my experience with pricing, setup cost, and licensing?

The licensing is per user per month and includes full technical support. I give the pricing a six out of ten. It's not a bad product for a high price like Oracle is. It's a good product for a fair price but It's not cheap.

What other advice do I have?

I give the solution a nine out of ten.

The thing is you can build a deployment in a day. So creating a new environment is done overnight, 24 hours. But if you say, how long does it take for us to build the connection so that CA was able to give us the data we needed to fill the roles in the solution, and then get provisioning up to work with Azure AD, and the main applications, that took us six months. Not because of Okta Workforce Identity but because of all these interfaces. That's always the killer with identity implementations. The interfaces you need to speak with to get your source, your HR data, or partner data. Maybe the best example is the partner portal. That took one year but that was more to get what's the functionality, what's the user experience. Okta Workforce Identity for engineers is a pretty solution. 

There are over 70,000 people using this solution.

We also use Thycotic Secret Server for privileged access management. So for all the tech people that need to say take backup our ERP, warehousing applications or put a new feature in the warehousing applications or upgrade the point of sale system, all those tech people get access to Thycotic Secret Server. I think there are 1000 that are actually employed onshore and offshore by my employer. And another 1000 that are tech people that maintain switches, operating technology kind of equipment. So about 2000 people have Thycotic accounts. But 70,000 have user accounts and user access. With Okta Workforce Identity everything is included with the licensing fee. If you've ever seen an Oracle licensing agreement there are loopholes in there and so you end up paying for additional items above the Access Manager, for example, you also pay for the database that it runs on. With Okta Workforce Identity it's simple. You get what you pay for. No more, no less.

I understand that Okta Workforce Identity has chosen to go for simplicity first. And that complex functionality, which we, being a very large customer... There are not many like us. We have more difficult requirements than most. But to do the simple things so well that we don't have to worry about them means we can focus on the last 10% of requirements. That will always be hard. And that's why I think the solution does 90% of the requirements so well that you need to do every day, so we can focus on the remaining 10%, which may not even be an Okta Workforce Identity problem. It is just a problem that you end up with when you have a very large business with a user portfolio that is everything from server admin from India to a trucking company that needs access to the warehousing doors in another part of the world. Okta Workforce Identity from an access management point of view is a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Single Sign-On (SSO)
November 2022
Get our free report covering Microsoft, Okta, Fortinet, and other competitors of Thales SafeNet Trusted Access. Updated: November 2022.
656,862 professionals have used our research since 2012.