Auth Solutions on the Market
In summary...
- If I am running a new startup and do not want to build my own auth system, go with Auth0.
- If I am running a company that needs integrations with enterprise services, go with OneLogin for its compliance.
- Google Firebase is awful and not easy to migrate away from in the future. Google would do better to consider acquiring Auth0.
Feature | Auth0 | Okta | Amazon Cognito | OneLogin | Firebase Authentication |
---|---|---|---|---|---|
Send Welcome Email after Signup | Template provided | ❌ | ❌ | ❌ | Event handler provided, but needs email vendor integration |
Customer Type | B2C, B2B, B2E | B2C, B2B, B2E | ? | B2E | ❌ |
SSO | ✅ | ✅ | ✅ | ✅ | ? |
MFA | Push Notification, SMS | Authenticator, SMS, Voice Call, Security Question | SMS, Authenticator | Push, SMS, Authenticator | SMS |
Social Login / Public Identity Providers | ✅ | ✅ | ✅ | ✅ | ✅ |
Login Rules Engine / Policy | ✅ | ✅ | ❌ | ✅ | ❌ |
RBAC / Group-based | ✅ | ✅ | ✅ | ✅ | ❌ |
Cross-platform SDK | Web, Mobile, Native | Web (Angular, Node.js, React, PHP, Java, .NET), Mobile (iOS, Android), Native (Java, .NET), Machine-to-machine | ✅ | raw examples | iOS, Android, Web, C++, Unity |
Industry Standards | SAML, OpenID Connect, JWT, OAuth2.0, OAuth1.0a, WS-Federation, OpenID | SAML identity provider | OAuth2.0, SAML2.0, OpenID Connect | SAML 1.1 and 2.0, WS-Federation 2005, SCIM 1.1 and 2.0, OAuth 1.0 and 2.0, OpenID Connect 1.0, JSON Web Token (JWT), Integrated Windows Authentication (IWA) | ❌ |
Analytics | ✅ | ✅ | AWS Pinpoint | ❌ | ❌ |
General SLA | 99.95% | 99.97% | ❌ | 99.98% | ❌ |
Passwordless | Touch ID, Email Magic Link, SMS | ❌ | ❌ | ❌ | ❌ |
Anomaly Detection | 1. Brute-force Protection: limits the number of signups and failed logins from a suspicious IP address. 2. Breached-password Detection: detects login attempts with credentials that are known to have been breached. | Risk-based authentication | ❌ | Risk-based authentication | ❌ |
Anomaly Detection Reactions | Email notification, Block IP | ❌ | ❌ | ❌ | ❌ |
Providing User Profile / Directory Store | ✅ very extensive | ✅ with management metrics: Total Users, Authentications, Failed Logins, System Log | ✅ access configured by Apps | ✅ | ✅ very limited fields |
Workflows - Email address verification | ❌ | ❌ | ❌ | ❌ | ✅ |
Workflows - Email address change | ❌ | ❌ | ❌ | ❌ | ✅ |
Workflows - Forgot password | ✅ limited page customization | ✅ email templates | ✅ email/SMS template | ✅ no UI customization | ✅ |
Workflows - Lockout Self-Service | ❌ | ✅ | ❌ | ❌ | ❌ |
AD/LDAP integration | ✅ | ✅ | AD | AD | ❌ |
Compliance | SOC 2 Type II, EU-US Privacy Shield Framework, HIPAA, OpenID Connect | HIPAA, EU, and FED compliance | PCI DSS compliant and HIPAA eligible | Assurance programs: SOC 2 Type 2, SOC 1 Type 2, ISO 27017:2015, ISO 27018:2014, ISO 27001:2013; Security programs: Skyhigh Enterprise-Ready, CSA STAR; Privacy programs: TRUSTe Certified Privacy, U.S. Privacy Shield, GDPR, EU Model Contract Clauses; Vulnerability management: Penetration Tests, Network Scans, Bug Bounty Program; Other initiatives: HIPAA, FFIEC / GLBA, NIST Cybersecurity Framework, G-Cloud, FERPA | ❌ |
User Devices Management | ✅ | ✅ | ✅ | ✅ | ❌ |