Reputation: 711
Okta vs AWS SSO comparisions as an SSO solution
Which is the best option for SSO implementation AWS SSO Vs Okta? I'm specifically looking for the advantages and disadvantages of each service to identify the best suitability for my system. These considerations have the most weight
Cost
Integration - Support for integration with existing directory services and mobile/web applications (SAML, ADFS, etc)
Ease of accessing logs for audit
Upvotes: 6
Views: 7068
Answers (1)
Reputation: 193
In a short, Cognito is an identity broker, which can connect to other identity providers (IdP) to realize the authentication/authorization requirement, whereas Okta is an Identity Provider. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_federated-users.html
You can set up OKTA as a SAML IdP in a Cognito user pool (https://aws.amazon.com/premiumsupport/knowledge-center/cognito-okta-saml-identity-provider/).
You can also configure federated authentication with other third-party providers like Facebook, Google, etc. using Cognito. Cognito also has its own user store.
To realize authorization requirements using Cognito you need to use an identity pool, which can authorize the invocation using AWS Identity Access Management (IAM) service. https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/#:~:text=User%20pools%20are%20for%20authentication,for%20authorization%20(access%20control).
So if your SSO requirement is tied with AWS managed service invocation like API Gateway or Lambda integration, then Cognito is the most natural choice. Otherwise, if you need a robust, featured, industry-wide Identity Provider then OKTA can be the choice. https://www.trustradius.com/compare-products/amazon-cognito-vs-okta
Regarding pricing Cognito is cheaper than Okta I think. There is a Free Tier option in Cognito too. https://aws.amazon.com/cognito/pricing/
After free trial, OKTA will charge $2/user/mo for SSO (https://www.okta.com/pricing/), where Cognito will charge $0.0055/user/mo, which is far less.
Hope this will help you to take your decision.
Upvotes: 7
Related Questions
- What's the difference between AWS SSO and AWS Cognito?
- AWS SSO for external client AWS accounts not in an organization - Best Practices
- CAS vs Okta Vs Keycloak comparisions as an SSO solution
- How SSO is working with OKTA
- AWS SSO for end user customer application
- Okta sso for native app accessing web services
- How can I integrate my rest based java webapp with okta for sso?
- okta sso(partner integration)
- Which SSO tool fits this scenario best?
- SSO Frameworks, which one to use? when we need?