Single sign-on products have been around for a while, but the latest generation of SSO products has moved to the cloud. Vendors include Okta, OneLogin, McAfee, Numina, Radiant Logic, SecureAuth, Symplified and SmartSignin. See the story version.
McAfee Cloud Identity Manager
McAfee has probably one of the largest collections of identity providers of any product we’ve seen, including AD, LDAP, Google, OpenID, Salesforce, Twitter, various SQL databases and others.
McAfee’s app configuration screen allows you to assign users to apps by group or individually.
With McAfee’s SSO, you can restrict access to apps via a variety of methods, including multi-factor tokens, time of day or IP address.
Numina Application Framework
Numina doesn’t offer two-way synchronization with AD or LDAP directories: it can only update its own user accounts.
Numina’s create new app dialog box, showing sparse help text.
Numina has its own password policies to enforce complexity, as you can see here.
Numina’s SAML connection settings are very straightforward and easy to use. Note that usernames must match between the SaaS provider and what you use in the Numina SSO product, which could be a big limitation.
The Okta dashboard gives a range of application reports that can show unused apps for particular users.
Okta’s dashboard has a nice task list showing you what you still need to do on its service, alerts about any apps that weren’t set up properly, and other items.
Okta reports show you the last month’s worth of app usage and suspicious activities and how many users have never signed into the system.
OneLogin has a long app catalog to choose from.
OneLogin’s password complexity policy shows various options.
OneLogin’s menu structure is very easy to navigate, and its workflow is easy to figure out.
Radiant Logic has a number of Windows apps, including the Cloud Federation Service Center, where you set up identity management and apps.
Radiant Logic’s SSO solution is a combination of several Windows-based programs and will support four different authentication systems.
Radiant Logic’s CFS Deployment Manager is used to import each app’s certificate into its system and to test the various components to ensure they are operating properly.
Radiant Logic supports a wide variety of identity providers, including LDAP, SunOne and Novell’s eDirectory.
SecureAuth’s admin console is Web-based and perhaps the least attractive of all the products we tested, but beyond cosmetics it has lots of parameters and configuration options to make it a very powerful SSO product.
For example, to enable two-way AD synchronization you set the “read only account” to false on the membership connection settings.
Here is how the various pieces of the SecureAuth solution fit together.
Symplified’s dashboard displays a few details about its operation.
Symplified has a very complex and complete collection of access policies, similar to how a network firewall is set up.