In today’s fast-paced business environment, access to applications and resources is essential to keep up with the competition. Companies are constantly seeking ways to secure and simplify access to these resources while adhering to security and regulatory standards. However, securing and simplifying access to legacy applications can be challenging as they often lack modern security protocols, such as SAML or OpenID Connect (OIDC). These applications include critical business apps like Oracle JD Edwards, PeopleSoft, E-Business Suite, Siebel, and header-based applications sitting behind WAM (Web Access Manager) solutions like IBM Tivoli Access Manager, CA SiteMinder, Oracle Access Manager, and PingAccess.
Securing and simplifying access to legacy applications is one of the top use cases for our Datawiza Access Proxy (DAP). DAP extends modern SSO (single sign-on), MFA (multi-factor authentication) and Passwordless to traditional legacy applications, helping organizations create efficient, uniform security policies across all their applications. Some Okta customers have also mentioned to us that Okta Access Gateway (OAG) can perform similar functions and are curious about the differences between DAP and OAG. In this blog post, we will take a detailed look at the features and benefits of Datawiza Access Proxy, and how it differs from Okta Access Gateway.
Flexibility: Identity-Provider Agnostic vs Okta-Only
Datawiza Access Proxy (DAP) offers flexibility by supporting a variety of different identity providers, including Microsoft 365 (Azure AD), Okta, and Cisco Duo. This means that it can integrate with any identity provider that your business currently uses. This allows you to use your existing identity management infrastructure and processes and gives you the freedom to choose the best solution for your business. It also makes it easy to switch between different identity providers, avoiding the problem of identity provider lock-in.
On the other hand, Okta Access Gateway (OAG) is limited in its flexibility as it only supports Okta identity as a single identity provider. This limits the options available to organizations and requires them to conform to the identity provider offered by Okta.
Ease of Use: Centralized Management vs Disparate Managements
Datawiza Access Proxy (DAP) is designed to meet customers’ performance, security, and compliance requirements by deploying the “Data Plane” in their environments. DAP also features a centralized “Control Plane” called Datawiza Cloud Console (DCC), which is a cloud-based SaaS system. Administrators can easily configure and manage DAPs through DCC, regardless of their location as long as they have an internet connection. This eliminates the need for local setup or logging in via SSH to edit configuration files, making the administrative process more efficient and user-friendly. Furthermore, DCC’s centralized management console is critical for a hybrid cloud environment, allowing administrators to manage applications across different environments from a single, central location.
In contrast, Okta Access Gateway (OAG) is delivered as a Virtual Machine (VM) with both the data plane and control plane residing in the same environment. Administrators must log in to local environments to set up everything and navigate different environments to do the configuration if they have OAG deployed in different locations, such as AWS, Azure, GCP, and on-premises. OAG does not offer a centralized, single pane of glass management option.
Logging and Visibility: Comprehensive vs Limited
Datawiza Access Proxy (DAP) offers comprehensive logging and visibility through its centralized console, which aggregates access logs from all applications, whether they are located in on-prem or cloud environments. This provides a holistic view of user access activities, including information such as who accessed which applications, from where, and at what time, down to the URL-level. This level of detail and centralized logging is crucial for advanced identity threat detection and compliance requirements.
On the other hand, Okta Access Gateway (OAG) does not offer a centralized console and therefore is unable to aggregate logs and provide a comprehensive view of user access activities. Instead, visibility is limited and fragmented, making it more difficult to identify potential security threats and comply with regulations.
Deployment and Scalability: Container vs VM
Datawiza Access Proxy (DAP) utilizes container technology to provide unparalleled scalability and ease of deployment for both on-prem and the cloud environments. Its cloud-native architecture seamlessly integrates with modern infrastructure such as Kubernetes, allowing for effortless scaling and adaptability to the evolving needs of your business.
On the other hand, Okta Access Gateway (OAG) operates with traditional Virtual Machine (VM) technology, which may pose limitations in terms of scalability and flexibility when compared to DAP’s container-based, cloud-native design. The deployment and scaling process may require additional effort, making it less suitable for businesses that require quick and easy scaling.
Datawiza Access Proxy (DAP) offers a variety of features that set it apart from Okta Access Gateway (OAG). DAP’s ability to integrate with multiple identity providers, as well as its cloud-native and scalable architecture, makes it a more flexible and easy-to-use solution than OAG. It can be easily deployed and scaled in on-prem or cloud environments, using modern infrastructure like Kubernetes. With DAP, your business can stay agile and adapt to the changing needs of your business.