What is our primary use case?
We have our suite of applications and are using this product to integrate with most of the enterprise solutions or the identity provider solutions for authentication. Therefore, we are using it for authentication and single sign-on. For example, we are using the OpenID Connect protocol for authentication and receiving identity tokens from solutions.
We wanted to test a single sign-on solution, which we can build upon, then later possibly provide as a solution to our customers.
We started off with the community edition for our own uses. The community edition has an open source community, and the product over there is named Keycloak. We started off using the 3.4.3 version, then we went for the paid subscription. That is when we bought the Red Hat Single Sign-On version 7.2. Version 7.2 has been enough for us as a single sign-on product.
How has it helped my organization?
We do not use it directly with any of our company functions, since our enterprise has Microsoft licenses.
What is most valuable?
- Red Hat SSO has a lot of very concise, well laid out documentation, which is available in the free edition as well.
- It is fast and effective.
- It is very easy to scale and use as you want.
- It provides a single pane of glass if you have deployed it across multiple clusters.
- The product keeps to standardized SSO protocols, so it would be easy to switch to another SSO, if needed.
- It provides good tool tips.
- It allows for a lot of customization, such as federation.
- It provides you endpoints as plugins or you can write on your own.
- It integrates well with social logins, like Facebook, Yahoo, and Google Identity.
What needs improvement?
Red Hat is creating a SaaS/cloud solution with their own authorization. They are looking to support it with adapters, but I am not sure how well this product will integrate with other Windows products.
They could provide more checks and balances to find out if there have been any security lapses, e.g., if somebody is trying to break into the system. Some other products have these detection mechanisms in case someone is trying to hack into the system or find out a user's passwords.
I would like them to add audit reports. Other cloud-based solutions have good audit functionalities, such as:
- How many times a user has attempted to log in?
- How many times there have been failed logins?
- What is the general usage?
- How long a particular user remains active during a day or once they are logged in?
These are good audit features to have in an enterprise setup in case of security breaches. This particular feature needs to be added or extended in the current product.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It is a very stable product. We have 99.9 percent uptime.
If you want to set it up for a highly available configuration, then you need to have two to three people maintaining it. One person should be an IT person, ideally. The other person should have knowledge of the product and database configuration.
What do I think about the scalability of the solution?
It is definitely scalable, though we don't have a large user base who will be using the solution. Right now, we have this deployed at one customer location.
You can deploy it across various data centers and manage them all from one data center using a central administrator's interface, where the changes will reflect across all of the data centers.
How are customer service and technical support?
If you want support, that is when you use the paid version. There are different support categories that you can pay for, which provide different support levels. E.g., there is a quick response if you pay a higher amount, where the response time is within a few hours.
Which solution did I use previously and why did I switch?
I believe the customer was using a Microsoft solution that was outdated and beyond the support lifecycle.
How was the initial setup?
The initial setup is pretty straightforward. You can set it up and log in. The process is pretty smooth.
The deployment took about two to three days, once we were ready with the implementation.
What about the implementation team?
We automated the deployment with automated scripts. The only thing that needed to be set up manually was the configuration by us.
What's my experience with pricing, setup cost, and licensing?
It is a low-cost product. This product can be used by non-profit organizations or universities, when they don't want to invest a lot of money.
The license is around $8000 USD. I found these costs reasonable.
If you go for a cloud solution, most of the subscriptions are based on the number of users who are going to be using it. E.g., the number of identities which you will be creating for the number of logins per month.
Which other solutions did I evaluate?
We also evaluated Okta. However, we were looking for a more cloud-based solution. Though, Okta is good for customization.
What other advice do I have?
A costly product will not always save you from a security breach. SSO provides good protection at a low cost.