Okta or LastPass Feedback??

JimAllsop
New Contributor

My director asked about us using a cloud-based password manager. Anyone use Okta or LastPass?

Pros? Cons?

Thanks in advance.

PS: 500-plus Macs, and 100 or so PCs. Almost all laptops.

14 REPLIES

mpermann
Valued Contributor II

I've been using LastPass at home for a long time now. It works well to manage passwords for websites, but I don't believe it works for filling in usernames and passwords for things such as server login from the Finder. But I could be wrong about that. There is an enterprise version that likely has different features than the premium version I am using. Overall, I like LastPass and it works well.

JimAllsop
New Contributor

Thanks @mpermann, our staff is just requesting something to assist them in password management. We try to tie as much into AD and their login credentials, but there still is a lot of updating that you have to do. Do you know if it can manage passwords for Wi-Fi networks?

mpermann
Valued Contributor II

I don't believe it can manage WiFi passwords, probably, in the way you want. You can enter all sorts of information into LastPass, but getting it out and automatically entered into a Mac OS dialogue box is not something that I think it can do. I just don't think there are any hooks into the Mac OS in a way that allows it to interact with the common password dialogue boxes. Hopefully I am wrong and someone will correct me, because I'd sure like for it to be able to manage and automatically detect and fill those passwords.

Travis_at_Ping
New Contributor

Full disclosure right off the bat, I am a Business Relations Manager with Ping Identity. So while this is obviously a self-serving response, it is also meant to help bring another, well-established option into your evaluation.

Your post caught my attention because Ping provides single sign-on to virtually any web-based application, leveraging the AD credentials to log in to everything. We are experts in identity federation... basically meaning that you only have to update that one AD credential, and then we are able to federate that identity out to anything that needs a username and login.

I read your other post as well and it sounds like we could potentially bring a lot of value and security to your environment. Feel free to browse our solutions at www.pingidentity.com/products. PingOne is our cloud offering, and sounds like it could be a good fit for you.

Let me know if you would like to discuss further, and I can get you set up with our free version as well as looped in with a technical resource at Ping. Best of luck Jim, thanks.

-Travis
Email: theitsch(at)pingidentity(dot)com
LinkedIn: www.linkedin.com/in/theitsch/

orph351
New Contributor

We've been using Okta since April 2013 for SSO and application provisioning. The product is solid, extremely reliable, and full-featured.

kimmy
New Contributor

I have been using Okta for several months and I have not run into a web app that I could not get configured. It's super easy to use and some of the newer features are making setting up apps a breeze.

TunnelRat
New Contributor

Okta is far more than a password manager. As a consultant, I've done several Okta integrations. I have not worked with LastPass, so cannot truly compare the two.

It sounds like Okta's SWA (Secure Web Auth) configurations would be the closest parallel to LastPass. SWA basically vaults your password, and then, by way of a browser plugin, will post your credentials and submit the login form to automatically log you into sites you have configured.

More importantly, though, Okta has made SSO as simple to integrate as possible by creating a catalog of application configurations. For most configurations, it is as simple as selecting a configuration from their catalog, entering your SSO URLs and a couple of configuration steps on the application side. You might find, for many apps, it is almost as easy to configure true SAML SSO vs setting up OnePass vaulting.

Okta can use Active Directory for your Identity and allows users to update/change passwords as well as handle forgotten password requests from outside your firewall. No VPN required. This is a real plus in reducing helpdesk tickets.

For many apps like Salesforce, Zendesk, ServiceNow, Google Apps, etc., they have worked the application API into their configuration to allow provisioning and deprovisioning directly to the application.

Okta support staff is second to none. They are based in the US, very responsive and get the job done.

pickerin
Contributor II

Okta is not a password manager, and if used as such, your end users will have a completely miserable experience. Don't try it. Use LastPass.

Okta is a single sign-on solution that allows for automatic logins to websites. However, it is HIGHLY limited in how that works in practice. We tried, we failed. If you're looking for an Enterprise class password vaulting solution that integrates well with Active Directory and provides similar functionality as LastPass, then check out OmniPass. That's what we ended up implementing.

aarkris1
New Contributor

I just chanced upon this discussion and quite frankly I think it depends completely on your use case. If you are trying to simplify the process by which your users access their corporate applications yet have a way to save their personal sites from a single interface, then Okta hands down will be the slickest solution. With their Okta Application Network, you can configure many thousand applications in a matter of minutes/hours.

pickerin
Contributor II

I'll humbly disagree, as this was the exact use case we had and our users hated it.
Okta does not provide an easy way to save personal sites and have them managed. In order to change the password on a personal entry, you have to manually edit the entry, delete the old password, and paste in a new one. There is no automation whatsoever, as there is with LastPass. Additionally, with the "chicklet" interface, if your users have a large number of entries, then they're scrolling pages of entries to get to the one they want.

Sure, you can configure thousands quickly, but your users won't want to use them. Isn't that the point?

As this is your first post here, your response could be taken to be somewhat conveniently biased towards Okta, perhaps due to whom you work for... it would be nice if you completed your profile with more information so we would have some context with your response. I work for AAA and we have purchased and used commercially both LastPass and Okta. Neither solution worked for our end users and our management; we ended up using OmniPass, as I mentioned in my previous post.

adaboy
New Contributor

One of the big successes that I have had with Okta is the ability to have our helpdesk control the password. So the user just logs into the Okta portal with their AD credentials and then clicks on the web application. Having the help desk control the password and not having the user know the passwords increases security by locking out a user from an application after they leave the company, because they can't log into the Okta portal.

pickerin
Contributor II

LastPass has the same capability. You can give someone access to a Shared Folder, but not give them the access to change, or the ability to read, the password. But, they can still click the entry and be auto-logged in.

donmontalvo
Esteemed Contributor II

I wouldn't pay much attention to the Okta SPAM on these threads...

https://jamfnation.jamfsoftware.com/discussion.html?id=10620

--
https://donmontalvo.com

mwoodruff
New Contributor III

Update: Casper Suite v9.93 was released today with full SAMLv2 support, including Okta and Ping.

Casper Suite 9.93 Release Notes

Configure SAML support for Okta
Configure SAML support for Ping