|
|
|
|
|
|
by traceroute66
1336 days ago
|
|
|
> In industry terms, we combine Privileged Access Management (PAM), Identity and Access Management (IAM), and passwordless technologies. In plain terms, this sounds like a classic "Jack of All Trades, Master Of None" waiting to happen. Personally I prefer more focused products rather than those trying to be all things to all people. It is also kind of an area with a lot of competition, I would be interested to know how you compare yourselves to, for example, the OKTA's of this world. Which then brings me to the topic already mentioned by others. As OKTA and others have shown us, outsourcing your secrets to others is a bit of a risky game to play. You say you are SOC2 compliant and this that and everything else, but so are OKTA and look what happened. |
|
|
We would not position our product to very large enterprises with thousands of users. Indeed, they will deploy best of breed products - separate SSO, separate password manager, separate VPN etc. The key is that companies like that have the resources to manage all these products separately - sync users back and forth, onboard users into each of those products separately, manage SSH keys, answer call center calls resetting passwords, and more.
We position our product for organizations with 1000 employees and below. We want an employee to install a mobile app, access company portal and have access to ALL she needs in one place. Simplicity of integrated solution paired with passwordless is what we focus on currently. Why use 5 different tools and login 5 times?
Okta is a great product with deep enterprise roots and a lot of integrations with legacy systems. We focus on simplicity and provide major Single Sign-On capabilities today that an organization of 1000 employees would need - catalog of SAML pre-integrated applications https://integrations.idemeum.com, SCIM provisioning, integration with HR system for user management, native passwordless, RBAC, auditing, password vault.
Regarding the secrets we believe that going passwordless and applying strong decentralized authentication will significantly reduce attack vector and compromise probability. If I recall correctly, Okta breach was due to a stolen password.