What needs improvement with Okta Workforce Identity?

I believe that if we integrate the workflows section into the main Okta Workforce Identity dashboard, it can be very useful.

Okta should have at least a local presense for countries that align with or comply with GDPR or data sovereignty, so there are no compliance or audit questions. There are integration issues with Office 365; such as groups not updating correctly in Okta. Okta should work on resolving them.

We are facing one issue with Cypress test cases. Whenever I write Cypress test cases, we encounter problems with logging in through Okta. There is no proper documentation on integrating test cases with Okta, and this issue is troubling whenever I try to implement it.

There is a need for Okta to provide an end-to-end solution without needing a separate product like Zscaler for multifactor authentication. Additionally, Okta should enhance its endpoint defensive capabilities, as we currently use BeyondTrust for Elevator Access Management.

Okta could improve by making their learning materials more user-friendly. They could also enhance the flexibility of their MFA feature, allowing clients to implement preferred MFA methods without restrictions.

The high cost of the product is an area of concern where improvements are required.

Okta has a limitation with directory integrations. If you have multiple Active Directory integrations, the user distinguished name (DN) and the manager DN don't get imported properly into the Okta user profile. It has a property of Get AD user's property, but that has limitations when writing an expression language to import changes or updates to user DNs or manager DNs from AD, especially if you have AD master users. Also, Okta doesn't have a partial push. It pushes down the full profile schema for lifecycle management or provisioning. Even if only one attribute gets updated, even though it is unmapped, it can override other values in the downstream application by nullifying the query. That's the biggest flaw in my experience. The product releases a lot of brand-new features within the quarterly releases.

If Okta Workforce Identity has a strong integration with other OEM solutions and can leverage intelligence from those OEMs to enable automatic restricted access for users, it would be highly appreciated. For instance, if it can integrate with DLP and EDR solutions, and if the DLP detects suspicious user activities, it should automatically restrict access to sensitive applications or prompt for multi factor authentication.

I use the tool at a low level, so it does what I need it to do for me. The product does not offer enough integration capabilities. I want the tool to provide more integration capabilities in the future.

They could provide collaboration with Microsoft for conditional access and other features. They could work on reducing bugs as well.

They should focus on providing top-notch team access management to companies.

I would appreciate it if Okta Workforce Identity becomes more user-friendly. Its API technology is complicated. Certain applications may pose challenges in terms of integration, especially when they require IDP technologies that aren't easily codable. While I can't provide specific examples, some applications may not integrate with Okta Workforce Identity.

The stability could be better.

The product's connector framework needs improvement. There should be automated aggregation and complete classification processes included in it.

The solution's pricing needs improvement.

I'm not sure what areas need improvement. They are at the top in terms of identity management. I can't find any shortcomings. We don't need any additional features as it covers more than our needs. It's a massive tool. The solution is very expensive.

I've been pleased with its capabilities overall. Support could be a bit faster.

The error logging could be improved. Okta doesn't provide enough details when you are troubleshooting an issue. It's often difficult to fix it from our end, so we always need additional support from Okta.

In some setup cases, there are issues with attributes not going in properly. We've also had some problems with the firewall causing the data center to slow down.

The drawback of this solution is that in our shops, many staff members sometimes have to be borrowed from one shop to another and the solution does not really support having multiple roles. The user experience we would like to have when a person works in shop A which pays their salary is that they should have access to pretty much everything. Maybe you have somebody who is a manager in that shop A, he should be able to order new wear, he should be able to change the pricing, he should be able to empty the cash registry, and ship it to the bank. But when for instance, in COVID, people had to fill in for people in shops where a lot of people were sick, then they had to actually use user accounts of people that work in shop B. If you were employed in shop A, you could not work in shop B without borrowing somebody else's user ID and password. Which is really bad. We haven't been able to work around that and Okta Workforce Identity does not have a solution for it. We are now piloting their identity governance solution. Obviously, it's easy to give somebody access, give them an account, and give them roles, but it's hard to maintain that. For example, if you moved from, say working in a shop to working in a warehouse. But why do you still have all this shop access? The solution has until now not had anything to really support the process of taking away access. But now we are in a better release program of Okta's identity governance solution. Although it's very basic, the solution has started on a journey, but identity governance is something that Okta Workforce Identity really needs to improve. The ability or the options in the solution for changing the look and feel are not good enough because in our partner portal, essentially what they have is an ugly admin interface. The admin interface is good enough for us technical people because that's all we need. We work with the product and we're able to see the data but when it comes to presenting the service portal, Okta Workforce Identity does not have any capabilities really for making it look pretty. To add branding and different graphical user interface elements than Okta basic for essentially delegated admin for the business-to-business portal is horrifying because you're essentially using the tech admin. The only option we had and used, was to take the tech admin console and strip it. so that a vendor that has some goods that are sold in the shops, when they want to add a user on their side, say a driver or a packer on their side who should know how much they've packed in a truck to come to our warehouse, then the user interface that this vendor is using, these functional people will then have to use an extremely basic user interface.

A room for improvement in Okta Workforce Identity is its price. It could be cheaper. The biggest benefit of the solution is that everything works securely without extra steps, so you're saving on your workforce's time and effort because your applications work smoothly and securely, but you'd need to pay some amount of money for that. Another area that could be improved, though not necessarily regarding Okta Workforce Identity, is the SSO applications because so many of the source applications charge extra money to put the SSO to work, which means you have to buy a more expensive license. Nowadays, SSO is a mainstream functionality and it should be out-of-the-box in those applications because it's so easy to set up.

Okta Workforce Identity could improve provisioning it can be made simpler. They are implementing in one of the newer releases certification, attestation, and some role-mining abilities, but I don't know how far along that's going to be. That's a statement that they said they are going to have in the future.

The cost per user for this solution is really high and could be reduced. We have experienced some challenges in integrating this solution with Scope and Cognito.

We've not come across anything missing. It's under continual improvement. It is actually very good. We've not had any problems with Okta. I'd have to think hard to find anything that was badly implemented.

This user integration with the Okta integration network could be simplified.

There are many things that Okta has to improve on. I understand that Okta has a lot of apps, like any other provider, e.g. Microsoft apps, IDP apps, or cloud identity apps. The problem with Okta is that they create the app and they never update. In this fast-paced industry where versions keep getting updated, Okta is really slow at times. None of the Okta applications that they create, for example, in my case: I have used the cloud identity of Microsoft apps and now I'm using the off tabs. What I found is none of the single Okta apps that we have worked and did not create an issue. They are not fully mature. So it's that aspect that can be improved, which Okta is investigating. Their application support and not having updates for those applications also need to be improved. These are the things that surprised me and I was not able to understand from Okta. Okta's customer support should be improved. Okta should work with certain providers, e.g. the Google cloud, the AWS cloud, the Microsoft cloud, and they should evaluate the integration point because what happens is if your organization has SSO which relies on Okta, all of these three clouds and the Okta app are far from perfect. You are not able to get the right setup based on how your security is trying to define it vs what the application can support. You'll end up using the default interface Okta provides with those apps. I understand Okta could say that if they shouldn't worry about it because if AWS wanted to support Okta, then AWS should be the one providing us the app and support, but Okta should try to understand the users, do surveys from the different automation using Okta, and use different apps because those apps are very critical. They are far from perfect, so Okta has the worst implementation.

The only aspect in which it can be improved is that the interface could be cleaner. I found this even when I was trying to do my certification exam because the certification is hands-on. You find yourself fumbling around a little bit to find simple things. This happens even when you start to get familiar with the product.

I do not see much room for improvement. I have not encountered any issues with the solution, though it may be worth checking this with the technical team involved in its implementation. This said, it is scalable for midsize companies and infrastructure but, owing to the regulations we have in place in Egypt, not every enterprise-sized company. This means the solution did not comply with everything in the financial sector, such as with our central bank. As such, one who is working in the financial sector must resort to another solution or, at the least, another one in addition to Okta Workforce Identity. The solution should have greater on-premises availability, not just cloud and more package customization in its processing.

It's my personal opinion, but it was a classic UI and now the UI is different. I was used to the old UI and when I moved from the old to new, I found it a bit difficult.

Okta can consider to become also a password vaulting manager. We also didn't find an option to setup access to web services that require second factor authentication. Also it's hard to figure out which license is responsible for which features and how are they correlated.

The solution needs to improve its own marketing. It's a great solution, however, most people don't know what it does. It should be first in line for onboarding employees. The solution should continue to work to improve its interface and make it more user-friendly. The initial setup can be complex at first.

There are some issues with the interface that can be improved.

The guest user access could be improved. How do we authenticate people that aren't in our Active Directory? In the next release, I would like to see passwordless access.

API Securities Solution

The integration with third-party tools needs to be improved. Mainly, the open-source APIs for Splunk would be helpful, as that is where they aggregate most of the data. If this process can be streamlined then it will definitely help.

They also have single sign-on (SSO). When we bought Okta Workforce Identity a year and a half ago, I was also looking at SSO, but not much documentation was available for SSO. The documentation for SSO should be a little more robust for somebody who is implementing it for the first time.

With the device applications, when you are checking the logs, you can't hide the device and that's a feature that's missing. I'd like to see MDM source added.

It would be pricing, which is a tough one because it goes against Microsoft. A lot of companies say they're a Microsoft partner, and they get all their software for free. Okta is like a luxury product, and it's not the most affordable one. I would say if they could work on pricing, it would help. Other than that, they've done great strides in developing a product that is really good. The companies that do see the value tend to invest in it.

* Passwordless authentication. * Integration with the user provisioning infrastructure to track all entitlement changes; simplify the modeling of the role and access definitions at every stage of the user life cycle. * Automation of the entire entitlement and role review process, in alignment with business needs and requirements as stated by business leaders and managers. * Oversight in the form of dashboards reconciling and centralizing information for immediate insight into the status of access reviews and certification processes.

The solution lacks an on-premises deployment model so it can't offer a hybrid solution. It would be ideal if clients had options that weren't just cloud-based.

Better multi-factor authentication integration and support, it's around v2.0 and will need a 3.0 release for maturity.

On the admin side, we can create our own passwords instead of generating one, which is usually difficult to explain to a user. Otherwise, the application is pretty awesome.

RESTful Web Service calls and their response seem a bit slow.

We still had to write several internal programs/scripts to complete the user-provisioning process. Okta does not have the ability to provision mailbox accounts for on-premise Exchange or in a hybrid O365 environment. The Group Push function from Okta to AD did not work reliably in our environment.

Maybe the interface could use some work but, for the most part, the tool is pretty cool.

UD attribute mapping, Okta group rules, and dynamic usage could use improvement. More in-depth functionality and features to integrate with RADIUS solutions.

Command line access Reporting