External reviews are not included in the AWS star rating for the product.
We use the solution for API security and management. We implement our solution with almost ten to fifteen vendors' APIs, like Salesforce and HubSpot.
It involves generating leads, invites, adding contacts, and opportunities, mostly challenging with Salesforce integration due to limited documentation.
The solution is cost-effective and beneficial in terms of security. It enhances secure API requests, improving user management efficiency.
It offers stronger security and flexibility with API keys, which are generated on runtime. This is valuable as they are reusable and can be used for confidential applications.
There is no immediate need for improvement. However, better documentation for Salesforce integration is suggested. Multi-factor authentication could be considered for future research.
I've been working with the solution since 2017, which is approximately seven to eight years.
There have been no issues with performance or stability.
I haven't explored scalability extensively, as it hasn't been required.
We haven't escalated any questions to customer support.
Positive
Google Authenticator and Duo are used for multi-factor authentication.
The initial setup was simple and not complex, involving key or username authorization.
The solution brings security benefits and efficiency.
I recommend the solution as it provides strong security with more control over access. It supports various authentication methods.
I'd rate the solution ten out of ten.
We have user management, role management, and tenant concepts for multi-tenant applications. We use organizations in Auth0. For Okta, we mostly use it for internal SSO to provision users to internal tools.
Auth0’s multifactor authentication enhances our security posture. They are GDPR compliant, and they provide us with a way to host in multiple regions. We use a European region to be GDPR compliant.
For performance, we can also choose different regions, like China or North America. They are also HIPAA compliant, but we don’t deal with HIPAA. They are ISO certified, so it’s easy for us to convince our security team. They manage key rotation and things like that on their end in the backend, which helps us.
Auth0 doesn’t have a great way of providing self-managed user management tools. If I have to provision my customers to manage their tenants, they don’t do it out of the box.
We are wrapping a solution around it to make that happen. There are some marketplace plugins available, but they are not so great. We have developed our own custom solution to expose user management to our customers.
I have been using it for around seven years. I use the latest version.
It’s highly scalable. We just have to pay more for more users.
For enterprise, I would rate technical support a nine out of ten.
For any kind of lower starter package, I would rate the technical support somewhere around six out of ten.
So, on an average it is an eight out of ten.
Positive
Within our organization, we use only Okta. We have hooked it up to Active Directory. That’s our single sign-on here.
Okta is mostly provisioned and used through DevOps. Role management and user grouping are mostly easy. There are directional integrations as well, including Azure AD and other tools. We get out-of-the-box solutions to integrate with actionable tools that we are using.
It's straight out of the box. So, the deployment time is almost half an hour to an hour in our case.
It will probably take one day to integrate. We also use IAC for automation. Once that is done, we mostly forget about it.
We have to do user management, like provisioning the users, de-provisioning, when they leave the organization and so on.
It’s easy to integrate and deploy.
We use the cloud solution. We don’t deploy anything. We use the cloud solution, and we have automated the configuration. That is the deployment that goes on. Like, if we are adding a new tenant and things like that, it all happens through infrastructure as code.
The general deployment and integration took us around one day. Probably one day because we requested it from the DevOps team, and they have to get in touch with someone from the tooling side, and they get it done. So we usually hear back within a day that it’s done.
The point is that we did all the heavy lifting in the initial days. After that, we hardly notice anything. It’s all working well together. The only thing is that we have to wrap up a solution for user management. Other than that, I don’t see any issues.
We don't do the maintenance. It's Auth0 that manages the maintenance. We don’t usually do anything. They have great availability SLAs. We don’t even notice if there are any updates and things like that.
It’s definitely beneficial. If we had to develop our own and manage it, it would take years of development and maintenance. In those terms, it’s definitely beneficial.
But once you cross that barrier of being a startup and growing, and if you have to move to an enterprise solution, that’s where it becomes expensive. But at that point, I think you’ll be okay to pay anyway.
The pricing depends on the tier you are in. If you’re in enterprise support, there’s always someone who can support you. But if you’re in lower tiers or starter tiers, we have crossed that barrier anyway.
In the initial days, if you’re not aware of how the OpenID solutions work, it’s probably hard to get started. Once you cross that barrier, it becomes easy.
But you have to pay extra for technical support, which makes sense, but adoption might become harder for people who might not have experience with either Auth0 or Okta before.
As a developer, I would rate it at nine out of ten. That’s because it’s very flexible. Developers can easily learn the system and get used to developing on it, like configuring automation, configuring integration, and things like that.
But, again, it’s for developers. You should know how the API integrations work and things like that. But if you are a user in general, I think I would rate it at six or seven, probably seven, because if you’re not a developer, you need to spend time exploring more.
Also, the scoped user management for a specific customer is not available out of the box with Auth0. So that’s something which, if you are a product manager, you would definitely look at. But if you’re a developer, that’s just an opportunity to build something on top of that.