Organizations today rely on multiple third-party applications and services for critical business functions. But all too often, managing access to these accounts can lead to frustration for users and lapses in security which can put business data at risk.
Research from LastPass has found that the average employee has 191 different usernames and passwords to manage. It’s almost impossible for one person to remember that many secure passwords. This represents a significant challenge and security risk for businesses as employees are forced to use weak or insecure passwords, and admins have no visibility or control over account access.
Identity and access management solutions are designed to help businesses better manage their account security and aid end-users with accessing their accounts. They provide key features like password management, single sign-on, multi-factor authentication, and admin reporting that make managing employees’ identities far easier and more secure.
In this article, we’ll compare two leading identity management platforms, LastPass and Okta. We’ll compare their key features and pricing to help you decide which is best for your organization.
What is LastPass?
LastPass is an identity and access management solution that helps users and IT admins to manage and secure their passwords and cloud applications. It’s designed to be easy to use and provides simplified control and visibility over all business accounts.
LastPass offers single sign-on, password management, and multi-factor authentication.
With single sign-on, LastPass enables IT admins to manage and offer one-click access to cloud applications for any SAML-enabled application. With single sign-on, end users can seamlessly access their cloud applications without needing to input a password.
For any website or application outside of single sign-on, LastPass provides industry-leading password management. LastPass allows users to see all their accounts and passwords at a glance, with features like auto-filling passwords into browsers and a built-in secure password generator to promote the use of stronger passwords.
LastPass provides the option to secure access with multi-factor authentication. LastPass offers biometric, adaptive multi-factor authentication on workstations, cloud and legacy applications, and VPN. LastPass MFA provides a passwordless experience for end-users when accessing their desktop, applications, or websites.
In addition, LastPass gives admins more visibility and control over passwords and accounts with a range of reports and customizable policies.
Key features of LastPass include secure password sharing, single sign-on with pre-integrated access to 1,200 applications, biometric multi-factor authentication, and automated security reports, helping businesses to become more secure, maintain compliance and improve productivity.
What is Okta?
Okta is a business identity management platform designed to help businesses manage their cloud accounts. Okta is known for its multi-factor authentication and single sign-on solution, but they have a wider focus on helping organizations manage access to multiple cloud-based tools and applications, with solutions like API Access Management and the Okta Access Gateway.
Okta enables IT admins to manage employee access to any cloud-based applications, including their own internally built applications, using the Okta Integration Network. This means users get a consistent single sign-on experience, across all of their accounts.
Okta is designed to make it much easier for IT teams to manage their SaaS applications, ensuring all accounts are secured with multi-factor authentication and providing centralized control and visibility.
Key features of Okta’s identity management platform include user provisioning and deprovisioning, single sign-on, Active Directory and LDAP integrations, multi-factor authentication and granular, flexible policies for IT admins to manage account access, helping businesses to securely integrate their users to all of their company accounts.
It’s crucial that the identity and access management solution you pick fits the specific needs of your organization. As with any security solution, you must pay close attention to the features that your organization needs and select the service which will best meet your requirements.
Below are the eight factors we have considered to compare these two applications. While both LastPass and Okta do have features and products that fit outside of these eight factors, we feel that they constitute the core features that organizations of all sizes will require for managing account access.
Password management is a core component of a strong identity and access management platform. Password managers allow end users to securely store and manage their business accounts and passwords, making it easier for them to choose unique secure passwords for each of their accounts.
LastPass has developed a comprehensive password management platform. Each individual user has access to an encrypted password vault, which securely stores all of their account usernames, email addresses and passwords. From this vault employees can copy, paste and edit account details as needed, and use a built-in tool to generate secure passwords. They can also securely share passwords, which we will cover in more depth in the next section.
LastPass offers a browser extension, which auto-fills passwords stored in the password vault into webpages when prompted by the user. It also automatically adds passwords into the vault as users log into third-party accounts. To access the password manager, users must choose a master password. The LastPass vault is available both online and offline, and in a mobile app.
Okta offers a lightweight password vault. However, their vault does not provide some administrative features such as security policies or visibility into the password hygiene of their customers.
Summary – LastPass provides a comprehensive and easy to use end user vault for password management. Okta offers a lightweight password vault for password storage, but it lacks the administrative functionality of LastPass.
Password sharing provides value to any access management platform. In any organization there will be accounts that need to be shared between multiple people or departments, such as marketing and sales. For example, consider a social media account that multiple teammates need to access in order to manage it.
Without an identity management solution in place, sharing access to these accounts can pose security risks. Users often share passwords on insecure channels, like emails and Slack, or more commonly in shared spreadsheets and post-it notes. This means admins have very poor visibility into where passwords are being shared and who in the organization has access to which company accounts.
Okta relies on single sign-on for password sharing. Using Okta, admins are able to assign users access to apps and can assign multiple users to the same account. This means that all users assigned to that app will have the ability to access the account using the same set of credentials, without actually knowing the username or account password. However, this is limited to only applications that are SAML-compliant.
LastPass provides multiple features for secure password sharing. Like Okta, LastPass offers single sign-on, which allows admins to easily choose which users have access to which accounts, even when they are sharing account details.
LastPass also allows passwords to be shared via their secure password vaults. Admins are able to give certain users the ability to share passwords, or share passwords themselves across selected users, groups or departments. These shared passwords automatically show up in the end user’s password vault and will be auto-filled into webpages when prompted. This facilitates secure password sharing for all accounts, regardless of whether they are SAML-enabled or not.
To guarantee shared passwords stay secure, admins can prevent users from being able to view or copy the password itself, ensuring that only approved users are able to access shared accounts within the LastPass system. This helps to minimize the risk of passwords leaking, or unapproved users accessing shared accounts.
Summary – LastPass allows users and admins to access and share accounts securely inside the password vault. Okta does not offer any password sharing capabilities but instead allows admins the ability to assign multiple users to the same account using single sign-on.
Multi-factor authentication is a critical component to ensuring that access to company accounts is secure. Typically, accounts will require one ‘factor’ to authenticate identity, something the user knows: the account password. However, passwords are notoriously insecure. They can be guessed by brute-force programs, compromised by hackers in phishing attacks, or simply leaked in data breaches.
To help mitigate these risks, multi-factor authentication ensures that users must verify their identity using multiple factors. This can include something the user has, like a code generated on an authenticator app. It can also include something the user is, using a fingerprint scan or facial recognition to verify identity.
LastPass allows admins to mandate the use of multi-factor authentication across cloud and legacy applications as well as workstations. LastPass provides their own LastPass MFA solution, with an authenticator smartphone app that allows users to verify their identity by using biometrics, such as a fingerprint swipe or FaceID scan with supported devices.
LastPass also supports adaptive authentication. When something suspicious is logged, like a login request from a new device, or an unusual time, the user will be asked to verify their identity. This helps to maintain account security, while keeping users productive.
Okta also supports multi-factor authentication for cloud, on-premise and internally built applications. Okta integrates with thousands of web apps through standards-based protocols, allowing admins to centrally enforce MFA across all corporate accounts.
Okta supports a range of second authentication factors including SMS, voice and email, one-time passwords, and physical tokens. Okta also supports adaptive and risk-based authentication, allowing for dynamic authentication in risky situations including the use of weak passwords, new locations and the use of new devices.
Summary – Both LastPass and Okta provide comprehensive multi-factor authentication functionality. They both support a range of authentication methods and integrations. They both offer adaptive authentication, enabling smarter, more targeted user authentication.
Single sign-on (SSO) is an important step towards a passwordless future, allowing a user to log into multiple applications with just one set of credentials. This means that users no longer have to remember multiple passwords and allows end users greater visibility and control over which users have access to which company accounts.
Single sign-on is at the core of the Okta service, replacing the need for users to remember or manage any of their passwords and allowing admins to share passwords among teams. Okta supports single sign-on across enterprise applications, custom web apps and mobile apps, to make accessing corporate accounts easier for the end user.
With Okta, users log into the Okta system and are then able to launch any enterprise application as needed without logging in. For a consistent SSO experience, organizations must integrate all their enterprise applications with the Okta system. Okta uses a range of standards-based SSO integrations to integrate with your enterprise systems.
LastPass provides single sign-on alongside their password manager platform and the two platforms share core components. LastPass integrates with over 1,200 pre-integrated enterprise applications, which admins can easily activate from the SSO portal.
Users can simply log into their LastPass account and gain seamless access to any of the pre-integrated applications required for their role, providing admins visibility and control over user access.
LastPass provides SSO integration with any web applications that support SAML standards as well as on-premises and legacy solutions. LastPass’ pre-integrated applications are much easier to deploy and manage as they will not require any custom integrations.
Summary – Okta offers comprehensive and advanced single sign-on that allows users passwordless access to their company applications. LastPass supports over 1,200 pre-integrated apps, allowing users seamless access to all of them with their LastPass account.
Admin Controls and Deployment
Two important factors to consider when it comes to identity management platforms are the granularity and customizability of the admin controls and policies, and how easy the platform is to deploy. Small and mid-sized organizations may be looking for an easy-to-deploy platform, with a robust set of admin policies that are easy to customize. Larger organizations may be accepting of a more technically demanding and time-consuming deployment process but will require a more granular and customizable solution.
LastPass offers an easy-to-navigate centralized admin console, from where admins can view security reports (which we will cover in the next section) and manage policies. Admins have access to a range of configurable policies around password management, SSO and MFA. These policies can be added, edited and removed as needed. Policies include login restrictions, master password controls and restricting the number of unsuccessful login attempts before the user is blocked. From the LastPass console, admins are also able to revoke users’ access to their passwords as needed in the case of user compromise or termination.
Deploying the LastPass system is very quick. LastPass integrates with your existing user directories like the commonly used Active Directory, allowing admins to easily assign users to groups and departments and provide access to their password vault. Integrating LastPass with SSO-supported applications is also straightforward using their dashboard. End users simply receive an email invite to the LastPass system, from where they can choose their master password and then view their password vault.
Okta also provides an admin console which is straightforward and easy to use. From this console, admins are able to manage users, control integrated apps, and set policies for managing user access. Okta provides a self-service feature manager that allows admins to quickly select policies and controls to manage access and gain visibility into groups and reports. Okta provides granular policies which can be enforced across users, including password management, end user authentication, and deprovisioning of users.
Deploying Okta is more complex than deploying LastPass. Integrating your existing internal applications and systems can be time-consuming. However, the Okta integration system connects to the most popular cloud-based and on-prem technologies, meaning most of your accounts can be easily integrated into the Okta system. Okta also integrates with your existing user directories, making it easy for admins to import users and groups into the Okta network.
Summary – LastPass offers a range of admin policies in an easy to navigate admin console. The LastPass platform is easy to deploy, and supported SSO applications are easy to integrate. Okta is more complex to deploy but offers SSO across internal enterprise applications. Okta also offers granular admin policies within their admin console.
Reporting and Analytics
Reporting and analytics are a critical component of a strong identity management platform. Admins need to be able to gain visibility into how users are interacting with their accounts, and be able to view potential security risks. Reporting is also needed for compliance. Admins need to be able to show a history of user activity and account access.
Okta provides activity reports, security reports and system log queries. Activity reports provide data which show how end users are interacting with Okta, and integrated applications and services. This includes login requests, user status and failed logins. Application reports show which users are accessing which applications, including their usernames and login times, which is important for compliance reasons.
Okta’s security reports provide data that help identify potential security risks. This includes reports on password health for applications, any suspicious activity, location of attempted logins, and details about user provisioning. System log queries provide links to queries around SSO attempts and Okta logins.
LastPass Identity also provides a range of admin reports which can be accessed in their admin console. User activity reports provide a log of every login event, password or username update, form fill and deleted site for all users for up to two years. These reports can be filtered by date range or users. LastPass also provides shared password reports, detailing sites in shared folders and secure notes.
Admin activity reports are also generated, which is important for legal compliance. Admin activities are logged in detailed breakdowns, including each time a new user is added, a password is reset, or policies removed or edited. LastPass also provides security reports, which provide summaries of potential user security risks including the number of reused passwords, weak passwords and weak master passwords. This can help your IT team to target training and support where needed.
Summary – Both LastPass and Okta provide a comprehensive range of security reports and audits to help organizations better manage access security and to help maintain compliance.
LastPass pricing and feature breakdowns: https://www.lastpass.com/products/identity
Okta pricing breakdowns can be viewed here: https://www.okta.com/pricing/#it-advanced-server-access
LastPass and Okta are both market-leading identity management platforms, offering great features for different types of businesses and users. LastPass offers an easy-to-use, intuitive password manager, offering MFA and SSO which helps to make accessing accounts easier and more secure. Okta offers a strong single sign-on platform, which integrates into internally built applications and systems. They also offer MFA and provide a granular platform for admins to manage account access.
If you’re a small-to-medium-sized business looking for an all-in-one solution for password management, single sign-on and multi-factor authentication that is intuitive, cost-effective and offers a variety of admin policies and reports, LastPass is the best option. But if you’re a larger enterprise looking for a more complex solution for single sign-on, requiring an integrated platform to manage access to your internally built systems as well as web applications, Okta may be the more suitable service.