Søren TamsSenior Consultant at Københavns Kommune
Anonymous UserSecurity Architect at a construction company
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The initial total cost of ownership to implement Omada Identity is not small. The TCO for the implementation is as high as any other solution. However, the cost of maintaining the solution is at par or lower than competitors, including adding more features or maintaining the system after the initial deployment or installation to make sure that they are available for users to use or extending the functionalities of those activities. Those maintenance costs are lower than other vendors, but the initial cost of getting the system installed is still high."
"It is licensed per managed user per year."
"There were a lot of administrator, partner, and supplier accounts for people who were no longer working for us but still in the system. So, we reduced the number of users no longer with the company, which saved us some money on licensing."
"It's a fair price for the on-premises system. Compared with what we had before, it's much cheaper and we get all the modules in one. We tried to go with the cloud, but it was far too expensive."
"From an on-prem point of view, the cost is quite transparent and reasonable. The direct cost is primarily for licenses and maintenance on licenses."
Omada Identity delivers an end-to-end identity and access management solution with essential identity governance functionality for secure, compliant, and efficient administration of all users' access rights across on-premises or cloud-based systems. The solution provides configurable best practice processes that covers all identity and access related scenarios from providing an access risk overview, management of identities lifecycle, to automated enforcement of policies.
Security Monitoring, Blocking, and Fraud Protections
Akamai Identity Cloud continuously monitors our production environments for the state and health of the Akamai Identity Cloud platform. We gather detailed key performance indicator (KPI) metrics on uptime and availability for every service. Abnormalities trigger alerts to the Network Operations Command Center (NOCC) staff, on-call 24/7/365.
Brute Force Attacks (Account Takeovers)
Akamai Identity Cloud offers account-locking functionality to protect against brute force password attempts. After a specific number of failed attempts from a user, Akamai Identity Cloud locks an account. This feature is completely customizable Customers determine when and how to block additional login attempts. In addition, the Akamai Identity Cloud offers CAPTCHA- and SMS-based authentication options. Customers can choose to implement these for step-up authentication at any login attempt threshold.
Advanced Persistent Distributed Attacks
Akamai Identity Cloud has experience in successfully staving off distributed attacks. By proactively monitoring for bots/malicious activity — correlating dozens of custom metrics specific to login and registration — we can block the numerous sets of dynamic IPs that malicious actors spin during an attack.
Through IP-blocking and whitelisting, Akamai Identity Cloud can ensure that access is granted only when authorized. For example, Akamai Identity Cloud can identify IP addresses from specific countries or regions and block them from registering and/or logging in on a per customer choice (geoblocking). It can also block specific lists of IP addresses (e.g., lists of known bad IP addresses and black hat-associated IP addresses). If IP addresses are legitimate but exceptions to standard rules, or if they’ve been erroneously added to blacklists, Akamai Identity Cloud can whitelist them ensuring that IP addresses on this list are always accepted.
Online Business Systems, Inc., an external third-party penetration testing firm, tested Akamai Identity Cloud’s ability to withstand DoS attacks. Bot mitigation strategies include rate limiting to mitigate bot DoS attacks, reCAPTCHA to mitigate bots that create fake user profiles, and both client- and server-side validation to ensure that all field values are legitimate.
Akamai Identity Cloud employs custom API monitoring on a per-customer basis to establish trends in usage as well as to identify and block abnormal usage patterns. It is proven to successfully identify and mitigate malicious activity on behalf of Akamai Identity Cloud customers. And because each customer is unique, Akamai Identity Cloud can implement alerting and blocking rules that reflect inherent trend differentiations.
Adjusting a customers custom blocking rules is a collaborative process between Akamai Identity Cloud and the customer. Different customers have different risk appetites and risk tolerances, and these affect trade-offs between blocking some legitimate traffic and assuming some costs of fraud. Advanced persistent attacks might involve multiple adjustments of the custom policy engine rules.
OSSEC intrusion detection system automatically reviews logs for suspicious activity on a regular basis. New account creation fraud protections include CAPTCHA- and SMS-based authentication — options that a customer may choose to implement as a step-up authentication protection against scripted account creation attacks. Akamai Identity Cloud proactively monitors for bots/malicious activity by correlating dozens of custom metrics specific to login and registration, as well as by identifying anomalies specific to a customer’s unique traffic patterns.
Akamai Identity Cloud is ranked 22nd in Single Sign-On (SSO) while Auth0 is ranked 5th in Single Sign-On (SSO) with 3 reviews. Akamai Identity Cloud is rated 0.0, while Auth0 is rated 8.0. On the other hand, the top reviewer of Auth0 writes "Provides login authentication for mobile apps and has good stability ". Akamai Identity Cloud is most compared with PingFederate and Okta Customer Identity, whereas Auth0 is most compared with Amazon Cognito, Okta Workforce Identity, OneLogin Workforce Identity, Azure Active Directory and Atlassian Crowd.
We monitor all Single Sign-On (SSO) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.