[mschuster91]

> When did it stop being a core competency of web applications?

Turns out, login is surprisingly hard. It will be the first and most important focus point for attackers - SQL injections, DDoS attacks, captchas, griefers intentionally using wrong passwords to lock someone else out... with Okta and other products of its kind, all an application developer needs to do is to check some token.

Another huge part is that in the "old" world there was only one player for any kind of centralized authentication: LDAP. While there were and are multiple LDAP server implementations (OpenLDAP, MS AD, Samba and a bunch of smaller ones), only Microsoft's AD has a somewhat comfortable and usable management application - but even that is using old-school Windows UI and you need a MS desktop to manage it. Everyone else? Either use Apache Directory Studio, some barely working web management UI (phpldapadmin, GOsa) or heaven forbid plain LDIF files.

In contrast, working with anything of the "modern authentication" solutions is a breeze.