
IS Decisions Blog

UserLock vs. Okta

Compare UserLock vs Okta multi-factor authentication (MFA) to choose the best MFA and access management solution for your Active Directory environment.

Published March 13, 2023

UserLock and Okta are two popular access security and access management solutions. Both platforms provide strong security features, such as multi-factor authentication (MFA), single sign-on (SSO), and contextual user access policies.

But choosing the right solution can be a challenge. Every organization is unique, and the key to getting identity and access management (IAM) right is selecting the provider that best fits your existing environment.

In this blog, you’ll find a comprehensive analysis of UserLock vs Okta. You’ll explore their features, advantages, and potential drawbacks, helping you decide which solution best fits your unique needs.

UserLock Overview

UserLock delivers an enterprise security solution that helps protect organizations from many common cybersecurity threats. Its robust access security features integrate seamlessly with on-premise and hybrid Active Directory (AD) environments, promoting secure user access to critical corporate networks.

With MFA, SSO, and session management capabilities, UserLock provides a smooth end-user experience for employees and peace of mind for IT teams. Admins can apply contextual access and granular MFA, providing frictionless protection for user accounts across different locations, devices, and security levels.

UserLock’s comprehensive security measures help maintain and monitor the protection of employee access to corporate networks. If you’re looking for an MFA solution to verify user access to an existing on-premise or hybrid AD environment, UserLock is your go-to to increase system security and meet compliance requirements.

Okta Overview

Okta is a cloud-based identity and access management (IAM) solution that helps protect access to corporate networks. Okta’s IAM solutions provide secure, efficient, and user-friendly authentication. Okta’s core product can also be extended with MFA and SSO add-on solutions.

Okta users can manually integrate with on-premise AD environments by installing the Okta AD agent. Installing the agent and importing AD users and groups into Okta is required to enable this integration. IT teams can then delegate authentication and user provisioning, synchronizing their AD users and groups with Okta’s cloud-based user management system.

Overall, Okta is a full-featured, effective solution for cloud-based environments. Its massive range of integrations enables businesses to manage user authentication and access across multiple applications and services.

Benefits of UserLock

Installing UserLock can bring you many benefits:

  • Improve AD security with SSO and MFA: UserLock makes it simple to scale MFA across an organization by integrating with existing AD environments. UserLock leverages existing investments to extend AD security — not replace or overwrite it.

  • Integration with both on-premise and hybrid setups: UserLock enables MFA implementation across multiple platforms, and administrators can easily enable MFA on any AD member computer or device.

  • Flexible access controls: With UserLock, you can define your own access policies based on any unique authentication and user logon requirements. Any authentication attempt that does not meet requirements is denied.

  • A range of security solutions: With UserLock, you can implement MFA, SSO, and session management solutions that help protect your key assets.

  • Real-time monitoring and risk detection: UserLock’s system visibility and real-time alerts immediately bring your attention to suspicious activity, letting you take swift and decisive action to protect your network.

  • Improved insights: With UserLock, you can record and audit all network logon events. With this information, you can create comprehensive reports and insights, helping you improve system security and meet compliance needs.

UserLock vs Okta – Comparison

While UserLock and Okta can both help improve your security posture, they differ in several ways.

Cloud, On-premise, or Hybrid?

  • UserLock: On-premise and Hybrid. UserLock simplifies the process of enabling MFA for AD logins on various connections, such as Windows login, RDP, RD Gateway, VPN, IIS, and cloud applications. Instead of replacing existing identity management solutions, UserLock builds on top of existing AD environments to improve access controls and system visibility.

  • Okta: Cloud-based. Okta’s cloud-based service requires additional software to protect on-premise and legacy applications, using RADIUS to authenticate on-premise connections with cloud identities. There may be considerable manual installation and synchronization needed. UserLock can complement Okta’s offering by providing a solution for on-premise MFA, without requiring a connection to a cloud IP provider.

Minimum Users?

  • UserLock: No maximum or minimum number of users.

  • Okta: 200-1000+. Okta’s minimum annual pricing level (currently $1,500) may be more than many organizations need to spend.

Two-Factor Authentication?

  • UserLock: Yes. UserLock enables MFA on Windows logon, RDP, and VPN connections to verify users’ identities and secure access to your network. UserLock supports various MFA methods, such as push notifications, authenticator applications, and programmable hardware tokens like YubiKey and Token2. You can also tailor UserLock to your system requirements. UserLock can make MFA deployment as smooth as possible, providing MFA to users without internet access, on all AD member devices, while detecting new endpoints automatically.

  • Okta: Yes. Okta’s identity management solution allows admins to configure optional MFA at the organization or application level. The Okta MFA solution supports various MFA factors, including Okta Verify, Duo Security, and YubiKey.

Single Sign-On?

  • UserLock: Yes. UserLock SSO enables each user to log in once using their existing on-premise or hybrid AD credentials. They can then access popular external resources, such as Microsoft 365 and other cloud applications, without verifying their identities again. UserLock’s SAML protocol support enables you to configure connections to custom SaaS apps.

  • Okta: Yes. You can add Okta’s SSO solution to let users access a network of over 7,000 pre-built integrations. If you’re looking to roll out SSO to a vast number of services, Okta enables you to deploy SSO systems to cloud apps efficiently.

Contextual Access Management?

  • UserLock: UserLock empowers you to enforce controlled user access policies that permit or deny user logins based on multiple criteria, such as login device, location, time, origin, or session type. The controls you set using UserLock’s contextual access management work with your organization’s policies to improve security and reduce user frustration.

  • Okta: Okta’s MFA solution can provide contextual access management based on various criteria. You can assess factors such as login location, device, and origin to automatically allow or deny a login attempt.

Restrict by Machine & Device?

  • UserLock: Yes. With UserLock, you can control, restrict, and enforce user login locations by workstations or devices, IP ranges, departments, and countries. UserLock also extends beyond native Windows controls, giving you the power to set a central restriction for an entire group, if needed.

  • Okta: Yes. Okta Device Trust for Windows enables you to block unknown Windows computers from accessing corporate SAML and WS-Fed cloud apps. In Okta’s Universal Directory, user and device identity can be linked, and a user’s known devices can be stored to block untrusted devices.

Restrict by Hours?

  • UserLock: Yes. UserLock allows you more control over the hours and days when protected users can log onto corporate networks. You can restrict AD user logon by working hours and/or a maximum session time. With these features, UserLock adds to Windows controls by enabling restriction of user logon hours by group, and enforcing logoffs when your chosen time restrictions expire.

  • Okta: Only via maximum session length. With Okta, you can enforce a maximum session length which will log off users once they have surpassed the limit. However, you cannot define restricted or permitted login hours, as you can with UserLock.

Restrict by Session Type?

  • UserLock: Yes. UserLock can restrict AD logins by session type originating from a PC, laptop, tablet, or smartphone. This feature also offers protection for a remote workforce, limiting by session type from on-premise or remote login attempts. UserLock’s Wi-Fi session control feature also enables you to address some of the network threats associated with a bring-your-own-device (BYOD) workforce culture.

  • Okta: Yes. Okta’s Global Session Policies enable administrators to manage access to the platform and govern user authentication based on many different session types. You can include additional challenges for specific sessions, and limit the duration of active sessions before re-authentication.

Limit Concurrent Logins & Initial Access Points?

  • UserLock: Yes. Limiting concurrent logins helps protect against credential misuse and is a crucial requirement for many compliance standards. With UserLock, you can prevent a user’s credentials from being used to log in more than once, preventing a potentially dangerous concurrent login scenario. You can also limit initial access points to a single point of entry, based on user, group, or organizational unit (OU). After connecting, any additional access attempts that are not initiated from this point are automatically blocked.

  • Okta: No. In Okta, it is not currently possible to restrict the number of concurrent sessions for a user. The user can use the same account to log in to Okta and have several simultaneous sessions across various devices, as their initial verification was successful. The closest possible workaround is to set a rule requiring users to re-authenticate after a minimum session length, such as 60 minutes.

Monitoring, Alerts & Response?

  • UserLock: Yes. UserLock enables you to monitor, alert, and respond to all AD user account logon and logoff activity. You can choose to receive real-time alerts for any particular login behavior, with interaction and response managed remotely through the UserLock console. You can also notify end-users directly of any suspicious events that involve their credentials, letting you respond to unauthorized login attempts swiftly.

  • Okta: Yes. Okta offers monitoring and alerting capabilities via its APIs, SDKs, and the Admin Console. Okta also supports integration with third-party commercial or custom monitoring tools for an organization that prefers to use external solutions.

Audit & Report on Logon Events?

  • UserLock: Yes. UserLock maintains records and generates reports for every user connection event and login attempt on an AD environment. You can audit and report all access events for your AD environment to improve security, monitor user behavior, or meet compliance needs. UserLock serves as a centralized platform for all access events, giving you the detailed insights you need.

  • Okta: Yes. Okta’s System Log contains information about all tracked login and logoff events. You can view the logs through graphs, events tables, filters, and search functions to monitor various events within your organization.

Privileged User Auditing?

  • UserLock: Yes. Privileged users are high-value targets for hackers and pose significant risks to an organization’s security. UserLock allows you to monitor, audit, and archive modifications made by privileged users in a Windows application event log. You can also configure alerts to be triggered for any changes made to settings or policies. UserLock’s privileged user auditing capabilities help protect organizations against insider threats, while meeting best practice and compliance requirements.

  • Okta: Yes. Okta provides a pre-built report that offers a snapshot of all admin roles currently in use. In addition to these reports, you can use the Okta System Log for privileged access management purposes, gaining an overview of Okta’s administrative functions and user permissions.

Web App?

  • UserLock: Yes. The UserLock Web App provides visual and intuitive tools to monitor session activity and react quickly to threats. With your enhanced access, you can monitor user activity and handle session management tasks even when working off-premises. The filtering and export functions also help automate reporting, saving you time and increasing visibility.

  • Okta: Yes. Okta’s cloud-based software allows you to manage applications, settings, and permissions from anywhere. Okta connects to various user directories, such as AD and external SaaS solutions, to give a consolidated view of user information in one location. This simplifies the management of your user attributes, app permissions, and group assignments.

UserLock is the MFA and Access Management solution for you if…

UserLock provides MFA, SSO, and access management capabilities that may best fit the following use cases.

You want to boost security and meet compliance using your existing on-premise or hybrid AD environment

Do you want to improve system security without sacrificing your existing AD investment? Many access management solutions duplicate directories, requiring manual, lengthy, or sporadic synchronization with cloud-based software that replaces existing AD. Instead, by integrating with on-premise and hybrid AD infrastructure to extend its security posture, UserLock offers enterprise-grade access security that works with your AD environment – not against it.

You require more granular control to provide user-friendly security

One of the key challenges for modern IT departments is to balance system security with the user experience. If you introduce too few controls, you leave yourself open to attacks and costly data breaches. Too many checks, and you’ll see reduced productivity and a busy helpdesk. UserLock allows admins to introduce contextual access management — helping you increase protection without frustrating the end user.

You currently use on-premise or hybrid AD with external SaaS applications

Many organizations manage their employee access using an on-premise AD environment, with employees having access to external SaaS applications. Leaving employees to remember many passwords can lead to security threats like password sprawl and stolen credentials. If you currently use on-premise AD and external applications, UserLock SSO and MFA can provide secure access using one set of credentials. There’s no need to replace your existing user, access, and password management policies — UserLock adds to existing AD functionality to improve and streamline system security.

You use Microsoft 365 via AD/Microsoft Azure Active Directory Domain Services (Azure AD is now Microsoft Entra ID)

Installing UserLock SSO offers users easy access to the Microsoft 365 suite using their AD credentials. UserLock’s centralized controls also give you one central point to configure, view, and manage user access to your Microsoft 365 services.
