Auth Solutions on the Market
In summary...
- If I am running a new startup and do not want to build my own auth systems, go with Auth0.
- If I am running a company that needs integrations with enterprise services, then go with OneLogin for its compliance.
- Google Firebase is awful and not easy to migrate from in the future. Google had better consider acquiring Auth0.
| Feature | Auth0 | Okta | Amazon Cognito | OneLogin | Firebase Authentication |
|---|---|---|---|---|---|
| Send Welcome Email after Signup | Template provided | ❌ | ❌ | ❌ | Event handler provided, but needs email vendor integration |
| Customer Type | B2C, B2B, B2E | B2C, B2B, B2E | ? | B2E | ❌ |
| SSO | ✅ | ✅ | ✅ | ✅ | ? |
| MFA | Push Notification, SMS | Authenticator, SMS, Voice Call, Security Question | SMS, Authenticator | Push, SMS, Authenticator | SMS |
| Social Login / Public Identity Providers | ✅ | ✅ | ✅ | ✅ | ✅ |
| Login Rules Engine / Policy | ✅ | ✅ | ❌ | ✅ | ❌ |
| RBAC / Group-based | ✅ | ✅ | ✅ | ✅ | ❌ |
| Cross-platform SDK | Web, Mobile, Native | Web (Angular, Node.js, React, PHP, Java, .NET), Mobile (iOS, Android), Native (Java, .NET), Machine-to-machine | ✅ | raw examples | iOS, Android, Web, C++, Unity |
| Industry Standards | SAML, OpenID Connect, JWT, OAuth 2.0, OAuth 1.0a, WS-Federation, OpenID | SAML identity provider | OAuth 2.0, SAML 2.0, OpenID Connect | SAML 1.1 and 2.0, WS-Federation 2005, SCIM 1.1 and 2.0, OAuth 1.0 and 2.0, OpenID Connect 1.0, JSON Web Token (JWT), Integrated Windows Authentication (IWA) | ❌ |
| Analytics | ✅ | ✅ | AWS Pinpoint | ❌ | ❌ |
| General SLA | 99.95% | 99.97% | ❌ | 99.98% | ❌ |
| Passwordless | Touch ID, Email Magic Link, SMS | ❌ | ❌ | ❌ | ❌ |
| Anomaly Detection | 1. Brute-force protection: limits the number of signups and failed logins from a suspicious IP address. 2. Breached-password detection: detects login attempts with credentials that are known to have been breached. | Risk-based authentication | ❌ | Risk-based authentication | ❌ |
| Anomaly Detection Reactions | Email notification, Block IP | ❌ | ❌ | ❌ | ❌ |
| Providing User Profile / Directory Store | ✅ very extensive | ✅ with management metrics: Total Users, Authentications, Failed Logins, System Log | ✅ access configured by apps | ✅ | ✅ very limited fields |
| Workflows - Email address verification | ❌ | ❌ | ❌ | ❌ | ✅ |
| Workflows - Email address change | ❌ | ❌ | ❌ | ❌ | ✅ |
| Workflows - Forgot password | ✅ limited page customization | ✅ email templates | ✅ email/SMS template | ✅ no UI customization | ✅ |
| Workflows - Lockout Self-Service | ❌ | ✅ | ❌ | ❌ | ❌ |
| AD/LDAP integration | ✅ | ✅ | AD | AD | ❌ |
| Compliance | SOC 2 Type II, EU-US Privacy Shield Framework, HIPAA, OpenID Connect | HIPAA, EU, and FED compliance | PCI DSS compliant and HIPAA eligible | Assurance programs: SOC 2 Type 2, SOC 1 Type 2, ISO 27017:2015, ISO 27018:2014, ISO 27001:2013. Security programs: Skyhigh Enterprise-Ready, CSA STAR. Privacy programs: TRUSTe Certified Privacy, U.S. Privacy Shield, GDPR, EU Model Contract Clauses. Vulnerability management: Penetration Tests, Network Scans, Bug Bounty Program. Other initiatives: HIPAA, FFIEC / GLBA, NIST Cybersecurity Framework, G-Cloud, FERPA | ❌ |
| User Devices Management | ✅ | ✅ | ✅ | ✅ | ❌ |