Comment by p_ing

8 days ago

If Okta made an AD replacement, they’d charge for each extra attribute beyond fullName, firstName, surName, and drink.

Identity Admins don’t let Identity Admins buy into Okta.

You’re not wrong, but depending on the org size those charges are still cheaper than Windows Server + CALs.

Ideally though, it’d be like Okta in that its core directory is in the cloud, but also like ADDS/LDAP in that local servers/objects can join to a domain via local containers posing as domain controllers.

Yes, I know modern device management and cloud-based IdP means the need for a directory is decreasing by the day, but Enterprises still want it for ease of user and computer management via a centralized database of sorts. Having someone, anyone offer me a leaner way of achieving this without a crusty LDAP deployment or expensive Windows Server + CALs, would be hugely appreciated.

  • Okta was going to charge us $6/user/month just for MFA. So I migrated my company to Azure AD with free MFA. We still had AD DS in the mix, but endpoint management was moving to cloud w/ Autopilot + Intune.

    An on-prem AD DS is going to be difficult to move away from. From a management cost perspective, it is still cheaper than every other LDAP + Kerb + endpoint policy solution out there. And since a CAL is provided with every copy of Windows Enterprise, thinking about CALs for clients is a non-issue.

    • That’s assuming your org is all-in on the Microsoft product suite though (but you do make excellent points on orgs who stick to AAD vs Okta in terms of cost savings). For companies who aren’t, or don’t want to be, there’s a huge gap in the market for a modernized, lightweight, cloud-friendly directory.

      If I can have my PDC in the cloud IdP, and rely on containers for replicating at local sites or network segments as needed, then I can ditch ADDS, CALs, and M365 wholesale in favor of other products. It removes Microsoft’s trojan horse product from the enterprise and shakes up a lot of attached markets in the process.