When it comes to identity and access management (IAM), enterprises have unique challenges and complexities that require partners with the expertise, capability and flexibility to architect the right solution for their needs. As you evaluate IAM vendors, it’s critical to look for solutions that meet specific enterprise requirements. Ping Identity offers flexible hybrid solutions for on-prem and cloud applications and the ability to handle mission-critical applications for a comprehensive set of enterprise IAM use cases. Alternatively, Okta has a “one size fits all” approach to IAM that simply does not work for a significant percentage of enterprise use cases.
Explore these 5 key areas to ensure you are choosing a true enterprise-proven partner with an enterprise-grade solution:
It’s critical that vendors and customers are speaking the same language and thinking of enterprise in the same way, as differing definitions can lead to misaligned expectations that result in insufficient solutions that can lead to buyer’s remorse. It may seem silly, but it’s always a good idea to ask an IAM vendor to explain their definition of enterprise.
When Ping references enterprises, we are talking about companies whose revenues exceed $1.5B and are largely represented in lists such as the 2020 Fortune 1000. Ping defines enterprises based on their scale, complexity and (many times) global reach. This is in line with the Gartner Glossary, which classifies large enterprises as those with revenue over a $1B threshold.
Okta’s definition is significantly different. In their Q1 2021 earnings call, they referenced large enterprise customers as those whose annual contract value with Okta is greater than $100,000, a misleading metric that’s not necessarily indicative of the revenue size, scale and complexity of those companies.
Why is this definition discrepancy important to understand? Because it speaks to the way that Ping and Okta view the market—and by extension their customers' needs and requirements. When Ping references large enterprises, we base that on factors external to Ping, such as whether they are in the Fortune 1000 and the enterprise requirements that come along with that. Any other definition, including Okta’s, should raise questions about their actual penetration into the large enterprise market, and why they have represented their customer base in this way.
Proven Enterprise Customer History
One clear indicator of whether a company is geared toward enterprises rather than small and medium businesses (SMBs) is their customer base. Okta began as a company focused on SMBs while Ping has been serving enterprise customers since the beginning, and the two business origins have had a major influence on the customer markets served today.
Ping serves 60% of the Fortune 100. While we can’t know the entire list of Okta’s customers, a review of the names published on their website shows only 4% of the Fortune 100 as recently as last month. This difference in the two respective customer bases is significant.
The graphic below highlights Ping’s enormous presence in and experience with leading enterprise companies.
Ping has successfully tackled some of the most complex global IAM challenges by providing robust, flexible solutions to the largest enterprises in the world. Be sure to evaluate the types of companies that make up the majority of Okta’s customer base to see if they share the same size, scale and complexity of your business.
Performance and Reliability
Consider a scenario in which you pay a large sum of money to run a commercial during the Super Bowl and offer a special deal for customers who register or sign on during the event. Your usage would definitely spike.
But what if your identity solution couldn’t authenticate at the rate needed, and users couldn’t actually gain access? This would hurt your credibility and cost you potential customers. Many—if not most—customers who are unable to register would probably never return, destroying the ROI on your marketing spend for the advertisement.
Granted, this is an extreme example, but it emphasizes that there are times when you need your IAM solution to meet abnormal peak authentication rates for product launches, Black Friday, ticket sales, large marketing campaigns or other initiatives. It’s worth spending some time evaluating each IAM vendor’s ability to support your performance requirements for both the usual and peak levels of activity.
Ping has achieved 75,000 authentications per second or the equivalent of 4.5M authentications per minute.1 In comparison, Okta’s self-stated performance is 500K authentications per minute.2 In other words, Ping can handle 9 times the authentications per minute that Okta can. This performance difference is relevant to large enterprises and re-emphasizes the point that Ping is truly enterprise grade and Okta is not.
Another characteristic of many large enterprise use cases is that your businesses have mission-critical applications that must be reliable. Think about use cases like airlines, vital manufacturing operations or hospitals.
Last month, Okta announced that it can finally provide 99.99% uptime.3 Okta’s guarantee is limited to four 9’s because their solution is IDaaS-only. Ping, on the other hand, has customers who have had 100% uptime for years with our solution. Ping has the option of giving you control of your uptime so that you can deliver as many 9’s as you need. This flexibility to empower you to control your reliability is another example of how Ping understands large enterprise application requirements better than Okta.
Being able to ensure uptime is critical when an app going down means planes don’t fly, surgeries don’t happen or millions in revenue is at risk.
Cloud Migration Flexibility
Large enterprises have complicated IT infrastructure. While your end goal may be to move to the cloud, the reality for many organizations is that this is a gradual, phased process. Because of this, your IAM vendor evaluation should include a consideration of your IT environment, your on-prem needs, and each vendor’s ability to support your current and future infrastructure. You may find that most solutions, including Okta's, are not able to meet these needs with pure IDaaS and are forced to drop software to integrate with on-prem.
For quite some time, Okta did not have a viable way to handle on-premises aspects of a migration. Historically, Okta pushed clients for an immediate all-in cloud solution. As they started learning about enterprise applications, they introduced the Okta Access Gateway (OAG), which gave them some additional capabilities for connecting on-prem with cloud.
But Okta still has fundamental shortcomings in their approach. All authentication must go to the Okta cloud. While this may work for some, it doesn’t help with ever-more demanding customers who will abandon a site if it takes more time to load. The implementation architecture with OAG remains complex, and by their own admission requires multiple servers for redundancy. Okta’s approach is a services-heavy deployment and implementation that also limits use of popular out-of-the-box (OOTB) network monitoring tools.
In contrast to Okta, Ping simplifies your migration to our modern IAM solution. Ping’s approach to cloud migrations has always been to enable you to migrate at your own pace. Ping supports native tokens (e.g., Oracle Access Manager, SiteMinder, etc.) for gradual migrations off of legacy web access management as well as the option to API-enable your legacy applications using OAuth. You’re empowered to keep on-premises components in place throughout different phases of your migration, as well as post migration, without adding complexity that degrades performance. Ping also supports OOTB network monitoring tools to help you with maintenance.
Identity Data Management Choice
Where and how do you want to store your identity data? Ping asks you that question and gives you choices without compromising security or introducing complexity. If you have on-premises identity data storage needs, you can still get Ping’s comprehensive features without needing to sync sensitive data to the cloud. This flexibility is essential for large enterprises, where storing and managing identity data can be complex or constrained by regulatory requirements. When creating a unified profile with Ping, enterprises can migrate identity data and apps at their own pace instead of being required to undergo massive forklift migrations, which may not be practical.
Okta has cloud-based identity data storage only, limiting your options and flexibility. To gain all of the features Okta has, along with a unified profile, you must sync your identity data to their cloud, which requires data replication and password caching. Okta’s way is a one-size-fits-all approach that reiterates their lack of choice for enterprises.
Ping vs. Okta
Selecting the right IAM vendor for your large business means finding an experienced enterprise partner with flexible solutions to meet your specific needs. If you’re considering Okta, there are several key questions that you should ask before making any decision, including whether they are defining enterprises the way you would, whether they have experience with companies that have requirements like yours, whether they can support the scale and performance you need and more. You’ll likely find that Okta is still trying to grow their solutions into a state of enterprise readiness, while Ping has an extensive proven history with some of the largest and most demanding enterprises in the world.