I'm managing over 1,000 computers and users, with a mix of remote and on-site setups. We're looking to implement a Single Sign-On (SSO) solution to address issues like password reuse and the hassle of frequent password resets. We've considered options like MiniOrange and ManageEngine, both of which offer extensive integrations. Before we move forward with our evaluation, what are some quirks or challenges we should be aware of? Additionally, if you were to choose an SSO solution, which integrations would you consider essential?
8 Answers
If most of your setup is Microsoft, definitely go for Entra ID with its enterprise applications. If you've got a mix of systems and some people not using Entra, consider Okta. I’ve worked with both, and while Okta might have more flashy features, if you're already deep into Microsoft's ecosystem, Entra is the way to go.
First, get your requirements straight—know what you need in terms of budget, personnel, and timeframe. There are various SSO solutions focusing on security, compliance, or help desk support. Also, don’t forget the ongoing costs with every service you want to integrate with your SSO. It can really add up!
If you already have Entra, just use that for SSO. It's super easy to set up and manage, saving you the hassle of a different solution.
What identity management system are you using right now? If you're on Entra, it's got SSO built in and it's super viable—lots of third-party integrations and no servers to manage. It’s really robust and my team can handle it even if I’m out of the office. The security is solid too! Just be cautious about assuming it's infallible; there have been a couple of outages annually that can catch you off guard.
I can't believe it if you already have Entra, why go for a pricey third-party SSO? It would just complicate things since you'd end up syncing between the two and losing out on the efficiency.
Yeah, but keep in mind, Entra has had its fair share of outages lately; just be prepared for that!
I'd lean toward using Entra with pass-through authentication linked to your on-prem AD. It’s designed to check leaked passwords if you’ve synced password hashes. It's great for both remote and on-site users, plus it offers a ton of integrations, typically more than other SSO options. Just curious, were you considering ManageEngine for cost reasons?
If you don't want to self-host and are looking for something simpler and open-source, Authentik might be worth checking out. For more multi-tenant support, you could try Zitadel. It really depends on what integrations you need, though. Clarifying that can help narrow your options significantly!
What’s your setup like? Are you using on-prem solutions or mostly SaaS? For a more Windows-centric environment, you should check out Active Directory or Entra. If it’s a mix and leaning heavily on SaaS, Okta is a good fit. Don’t forget, if password reuse is a big issue, having a good self-service password reset policy is crucial, no matter which SSO you choose.
Choosing an SSO solution is the easy part; it’s often the integrations that can get pricey quickly! Just be ready to tackle those additional costs as you scale up.
Absolutely! Okta has a lot to offer but if you’re in the M365 environment, Entra should be your go-to.