Cross Identity

Official Blog

Something Better than Okta

Something better than Okta

What shines isn’t always Gold

One of the first vendors that spring to mind when thinking about Access Management is Okta. They have the largest market share in the Access Management industry (excluding the behemoth Microsoft), and   their product is an excellent offering. But it has various drawbacks and isn’t always the best choice for an IAM vendor.

A deeper look at Okta reveals a shockingly excessive price. They also don’t offer true Converged IAM, which is the go-to technology for mid-market customers. Other significant issues include overwhelming documentation and the necessity of using a phone to log in. The software is also difficult to implement in-house, particularly for mid-market customers, and their professional services are expensive. Some customers also question the quality of their support.

Feedback from our own customers as well as reviews on various websites concurs on many of the drawbacks of purchasing Okta.

Grossly Expensive

The full set of Access Management features with (limited) Lifecycle Management for 1000 users costs a whopping $400,000/year!

Okta is an excellent, feature-rich, and powerful software, but are there no competitors with equivalent offerings which cost less?

And what about the other modules of IAM? Deeper Identity Administration, and Access Governance are all missing.

Even those organizations that can afford this high price ought to shop around for something that offers more IAM for less.

Cross Identity is the world’s most cost-efficient Converged IAM product. This is because it follows a unique pay-per-use model. Customers pay a small, fixed cost for cloud hosting and basic support, followed by payments towards what they use; Single Sign-on login events, Password Resets, Context Multifactor Authentications, Access Requests made, Users Onboarded, Accesses Certified, and so on.

The cost is cents compared to the dollars you pay for Okta.

Not Converged IAM

Converged IAM is the technology Gartner says will account for more than 70% of new IAM implementations by 2025.

Converged IAM combines all elements of Identity and Access Management into one platform (built on a common codebase.) A Converged IAM product would offer Single Sign-on, Multifactor Authentication, Password Management, Lifecycle Management, Access Request, and Access Certification, all in one product.

Monetary benefits aside, Converged IAM products leverage the power of synergy. For instance,

  • A Converged IAM solution can perform better authentication with additional risk signals generated by its IGA module. For example, it can consider the list of entitlements assigned (IGA) and step-up or step-down authentication based on this (AM).
  • A Converged IAM solution can consider the age of the last access review/recertification performed on a user (IGA) and can step up the authentication or deny access if it’s been too long (AM).
  • It can check whether the account is an Orphan Account (an active account with no registered user) (IGA), and step-up authentication or deny the access based on the result (AM).
  • If a user performs multiple unsuccessful logins within a short time (AM), a converged solution can immediately initiate a micro-certification process (IGA).
  • It can initiate the recertification of access (IGA) based on latent time since the last access (AM).

These are just a few examples of the power of synergy when leveraged in a Converged IAM solution.

Okta offers integration with some Identity Governance and Identity Administration products, but synergy is impossible because they are separate products built on different codebases.

Cross Identity is the world’s most complete (and only true) Converged IAM solution. The product was well ahead of the curve, envisioning a Converged IAM platform for the mid-market several   years   before Gartner discovered technology was moving that way.

It offers all modules of IAM – Single Sign-on, Context MFA, Password Management, Lifecycle Management, Access Request, and even Access Certification, built into one product.

The entire software presents flawlessly on one dashboard and is built for ease of implementation and use. Organizations with limited IT staff can implement the product by themselves with ease, or with  inexpensive support from Cross Identity. 

Per-user Subscription Involves Wasteful Expenditure

Per-user subscriptions might be a big upgrade from perpetual licenses, but they still leave a lot to be desired. While total costs are less with per-user subscriptions, there are still several challenges left unsolved.

For instance, if you pay for 1000 users, and some employees or contractors don’t use the product for a period, you’re essentially wasting dollars. Most companies also purchase extra licenses to future-proof themselves. These are more unused licenses.

Users also don’t consume evenly. Engineering departments utilize nearly 90% of IAM features, while Sales departments hardly use 20%. With per-user subscriptions, you are wasting large sums of money by paying the same for every user.

The alternative to this is a pay-per-use product. CI from

Cross Identity is the world’s only pay-per-use Converged IAM solution.

Okta offers no insight into Solution or App Usage

A per-user subscription such as Okta doesn’t provide customers with insight into the usage of its own software or other applications. You don’t get to know which departments are using the solution effectively, and which departments can be encouraged to increase their usage.

As a pay-per-use solution, CI reveals metrics for solution usage by department, right down to the usage of everyone. It also provides insight into the usage of various applications in the organization’s IT environment.

Difficult to Implement

While Okta comes with extensive documentation, it typically requires dedicated IAM staff to implement. Dedicated IAM staff are hard to come by and expensive to retain. Smaller and mid-sized businesses don’t have much IT staff to spare. A typical scenario involves paying for third-party implementation, or for Okta’s expensive professional services.

CI was designed for the mid-market. As such, it can be implemented in-house with minimal support. The product sports a Guided Help feature, which provides admins with real-time prompts and guidance when installing and using the software. For more complex installations, customers can choose one of our implementation support packages, at a fraction of the cost of third-party vendors or Okta professional services.

Post-implementation Support isn’t the Best

Feedback from many Okta customers is that post-implementation support from Okta isn’t very good. They typically refer customer queries to their documentation and then leave customers on their own to find solutions.

Cross IdentityProduct’s post-implementation support for CI comes in four flavors: Classic, Silver, Gold, and Enterprise. For the minimal cost (or nothing at all in the Classic package), customers can benefit from varying degrees of post-implementation support, including dedicated onsite resources.

Okta isn’t Complete IAM, and Multiple Solutions Cost More

As of 2022, Okta does not offer Password Management or Access Certification.

Password Management in Cross Identity can save organizations up to $200,000/year for 1000 users. This is because being locked out of accounts costs money for unproductive employees as well as helpdesk salaries. It also improves security and eases user experience.

Access Certification is a must today. It considerably enhances security and enables compliance with various statutory mandates like SOX, GDPR, and HIPAA. CI offers the most comprehensive Access Certification of any bundled IAM software available today.

If you purchased Okta, you would need to pay for Okta’s software as well as a Password Management AND an Access Certification software. The total cost doesn’t look pretty.

Get a Whole Lot More for a Whole Lot Less

Okta  is  an  incomplete  IAM  offering  and  can  cost  up  to  a  whopping

$400,000/year for 1000 users. It is not a true Converged IAM offering and lacks the abilities of one. Its per-user subscription model involves wasteful expenditure. It is also expensive to implement. Finally, their post-implementation support has a reputation for causing customer frustration.

Cross Identity is a Converged IAM offering in a pay-per-use model. It costs cents compared to the dollars for purchasing Okta. ROI is high as possible with CI because costs only increase with benefits. In-house implementation is possible, or implementation support can be provided at a minimal cost. Post-implementation support is also better than Okta and is available in 4 flavors: Classic (free), Silver, Gold, and Enterprise. Gold and Enterprise packages even include dedicated onsite resources.

Why Wait? Try CI for Free Today!

Related Posts