IAM Evaluation Checklist for MSPs

ZeroTek Communications

November 5, 2024

Time to read: 8 min

Key Takeaways

  • MSPs and their customers need a robust identity and access management (IAM) solution to protect against identity-based attacks.
  • Use the IAM checklist below to assess the essential qualities MSPs should look for in an IAM solution.
  • ZeroTek makes it easy for MSPs to successfully deliver the best IAM solution available—Okta.

Key Takeaways

  • MSPs and their customers need a robust identity and access management (IAM) solution to protect against identity-based attacks.
  • Use the IAM checklist below to assess the essential qualities MSPs should look for in an IAM solution.
  • ZeroTek makes it easy for MSPs to successfully deliver the best IAM solution available—Okta.

If you don’t get identity right, you won’t get security right

SMBs are uniquely vulnerable to identity-based cyberattacks. Bad actors know they are big enough to have assets worth stealing but small enough that they are less likely to have adequate IT security.

A robust identity and access management (IAM) solution is essential to protect against identity-based attacks.

ZeroTek makes it easy for MSPs to successfully deliver the best IAM solution available—Okta. If you’re evaluating other IAM platforms, we invite you to measure them against our IAM evaluation checklist below. It addresses the essential qualities MSPs should look for in an IAM solution and offers specific insights into the advantages of the ZeroTek | Okta solution.

Vendor reputation and trustworthiness

☐   Can the IAM vendor keep up with the fast pace of change in identity security?

Okta spends $600–$700M annually on R&D to stay ahead of threat actors, and that amount increases annually as they generate more revenue.

☐   Who else trusts the IAM vendor with their identities?

FedEx, Zoom, Nasdaq, NTT DATA, Envision Healthcare, Hewlett-Packard, Netflix, 20th Century Fox, the US Department of Justice (and thousands more) use Okta.

☐    What kind of availability and backup infrastructure does the vendor have in place to protect you and your customers?

Okta has 99.998% uptime and an extensive global backup infrastructure for extremely high availability architecture, including 5+ cells that each run on several AWS availability zones and geographic regions.

☐    How secure is the vendor itself?

Okta is the only IAM provider to achieve CSA STAR level 2 attestation and is continuously audited by third-party security assessors (SOC2 Type I and II compliant). Okta follows industry best practices for engineering and release management.

☐    How do third-party industry analysts rate the solution?

For seven years in a row, Gartner has identified Okta as an IAM leader in their Magic Quadrant for Access Management, most recently placing them highest on the “Ability to Execute” axis for the third year in a row. Forrester has reached similar conclusions, deeming Okta to have a stronger current offering than Microsoft. (Compare ZeroTek | Okta and Microsoft Entra ID.)

Support for MSP success

☐    What depth of experience does the vendor have with MSPs?

The ZeroTek team is made up of MSP veterans and Okta-certified consultants. ZeroTek is purpose-built to help MSPs succeed.

Over a decade ago, ZeroTek founders recognized the emerging imperative for MSPs to secure user identities and control access. In evaluating different ways to address that need, a few things were clear which remain true today:

  • Okta had a monumental head start in developing IAM technology and was already an industry frontrunner.
  • Okta’s vendor-neutral, cloud-first, API-driven platform was ideal for MSPs who must stay agile to compete, want the freedom to architect their services, and seek to automate and standardize operations.

That’s why we launched ZeroTek in 2016 as Okta’s strategic partner, laser-focused on making Okta’s leading enterprise-class IAM technology accessible and appealing to MSPs.

☐    How quickly can you achieve ROI with the solution?

You can deploy Okta on Day One using ZeroTek | Okta if you know your customers’ needs. Otherwise, we can guide you through a discovery process. Either way, you can be profitable with your first customer in less than a month.

☐    How does the vendor help you achieve ROI with the solution?

You can count on ZeroTek’s detailed playbook of deeply researched, field-tested, and MSP-proven best practices:

  • Developed by our Okta-certified staff.
  • Based on years of working closely with Okta R&D and MSPs like you.

Whether you are new to IAM or an MSP familiar with Okta but unsure how to standardize Okta in a winning IAM strategy that snaps into your existing services, ZeroTek has you covered.

☐    How long will it take to train my team on the solution?

ZeroTek’s comprehensive onboarding process gives you and your team hands-on experience with Okta and ZeroTek’s multitenant dashboard from the start.

For staff unable to participate in the onboarding, ZeroTek offers self-guided training that includes detailed, step-by-step practice exercises they can perform in a sandbox environment.

☐    What’s required to get your salespeople up to speed?

ZeroTek offers a growing library of sales enablement material to help you successfully strategize, market, and sell Okta-powered identity security services.

☐    What’s the technical support experience?

ZeroTek specializes in delivering MSP-centric Okta support to our MSP Partners. Our technical team is certified at the Okta Consultant level and understands MSPs.

Read the NENS or Red Cup IT case study to find out more about how MSPs feel about ZeroTek Support. While our SLA is to respond within 24 hours Monday to Friday, 8AM to 8PM ET, we typically respond much faster than that, often within an hour or so.

Ease of IAM delivery and management for MSPs

☐    Does the solution support multitenant management?

ZeroTek is multitenant Okta. See and manage all your customer Okta orgs from a single dashboard. Actions performed in ZeroTek run instantly in Okta.

☐    Does the solution support onboarding new customers without getting stuck in a sales pipeline?

MSPs can create new Okta orgs in seconds from ZeroTek without engaging in any sales process or signing contracts.

☐    Does the licensing align with MSP business imperatives?

Okta user licensing through ZeroTek requires no annual contracts or renewals and no inventory. Pay-as-you-go monthly billing based on licenses in use.

☐    Who owns the customer?

With ZeroTek | Okta, the MSP owns the customer. (If you or your customers source your licenses directly from Okta or another third party, Okta owns the customer.)

☐    Does the vendor support all the apps your customers already use?

Okta has 7500+ SSO integrations that allow you to easily add most apps in minutes. No other vendor comes close to this number of integrations.

☐    Does the solution support automated user provisioning and deprovisioning?

Okta has 700+ provisioning integrations to automate these processes so your team can focus on projects instead of user management. Again, no other vendor comes close.

☐    How many platform-level integrations are supported?

As an API-driven platform, Okta supports a huge range of integrations.

MSPs can integrate Okta with things like unified endpoint management (UEM) and mobile device management (MDM) platforms as part of their device trust strategy; HR-as-a-Service (HRaaS) systems for seamless end-to-end identity management; and extended detection and response (XDR) tools like SentinelOne and CrowdStrike for extra layers of security. (Read more about how SentinelOne Singularity XDR can complement Okta’s contextual awareness and prevent malicious actors from advancing laterally across attack surfaces.)

☐    Will the solution ever force delays in resolving issues for your customers?

With ZeroTek, you can search and filter detailed, aggregated, real-time Okta system logs for all managed customers from a single dashboard. Actions taken in ZeroTek run immediately in Okta; changes are instant.

Not all platforms provide immediate diagnostic details for your technicians—nor do your technician activities take effect immediately. Latency issues in Microsoft Entra Conditional Access can leave you waiting up to 24 hours for policy changes to take effect. (Read more about how ZeroTek | Okta compares to Microsoft Entra ID as an IAM solution for MSPs.)

☐    How easy is it to achieve regulatory compliance?

Okta is already an essential tool supporting regulatory compliance in financial, software, and healthcare enterprises because its granular, intuitive policy engine makes it easy to configure required access controls.

Transparency and accountability are also key to successful compliance audits. MSP technicians typically interact with multiple customer systems. While Okta system logs are detailed, ZeroTek Audit further enhances Okta’s data by delivering full visibility on all technician activities across all managed Okta customers.

☐    Can you verify the identity of a caller to your help desk?

ZeroTek makes it possible to push a possession-based push challenge to users who contact your MSP’s help desk so you can verify the caller ID before performing security-sensitive actions like resetting authenticators.

☐    Session token theft is a growing threat. How does the platform help protect you?

Okta’s Universal Logout makes it possible to instantly sign a user out across supported apps, terminating users’ sessions and their tokens when Identity Threat Protection identifies a change in risk. 

☐    How much work does the platform do for you?

Okta ThreatInsight compiles data on sign-in activity across the Okta customer base to identify potentially malicious IP addresses and help prevent credential-based attacks, including:

  • Password spraying
  • Credential stuffing
  • Brute-force cryptographic attacks

By gathering information on the origins of sign-in attempts aimed at Okta organizations and endpoints, ThreatInsight establishes a security baseline for all Okta customers.
Learn more about Okta ThreatInsight.

☐    How advanced are the solution’s multifactor authentication (MFA) capabilities?

Okta offers single sign-on (SSO) and adaptive MFA, enabling users to access multiple applications with a single set of credentials, which enhances security and simplifies the user experience.

Okta’s adaptive MFA adjusts to device, location, behavior, and user context for advanced risk-based authentication and access control. ZeroTek allows you to extend Okta’s MFA from the cloud to desktop logins.

☐    How does the solution help you implement best practices security for your team?

ZeroTek has six built-in roles that correspond to those most MSPs currently use, to support role-based access control (RBAC) and the best practice of least-privileged access.

ZeroTek Administrators and Technicians can use ZeroTek’s Deep Link feature to SSO to Okta orgs with administrator privileges. Deep Linking offers significant workflow and security advantages over logging directly into a customer Okta org by supporting better access management, more efficient workflow, and better auditing.

With Deep Linking:

  • ZeroTek Admins can instantly grant or revoke ZeroTek Technician access to specific customer Okta orgs in a few clicks, and technicians never know the specific credentials to access customer Okta orgs.
  • There are no agents to install on customer Okta orgs.
  • MSPs eliminate the need to create and manage a user account in each customer Okta org for each MSP technician who needs access, as well as the need for any shared admin accounts.
  • ZeroTek Admins and assigned ZeroTek Technicians can perform one-time management tasks in the customer Okta org that cannot be executed from ZeroTek via the Okta API.
  • MSPs have full visibility on exactly who did what and when through Deep Linking.

☐    Can you manage cloud-only and hybrid customers?

ZeroTek | Okta can manage cloud-only and hybrid customers and makes migrating customers with remaining on-premises infrastructure to the cloud easier.

ZeroTek is Okta for MSPs

Okta is already the established leader in the enterprise IAM space, and they repeatedly demonstrate their commitment to things that matter deeply to MSPs:

  • The ability to deliver top-tier identity security with a great user experience.
  • The evolution of their vendor-neutral, cloud-first, API-driven architecture.
  • Ongoing, significant investment in security R&D to stay ahead of threat actors.

ZeroTek’s integration with Okta takes their enterprise-class technology and puts it in the hands of MSPs, so you can:

  • Securely and profitably manage multitenant Okta from a single dashboard.
  • Cut the red tape, stay agile, and scale your MSP and your customers’ businesses easily.
  • Ramp up quickly with clearly defined best practices tailored to the needs of MSPs.

Are you ready?

Ready to explore how ZeroTek | Okta can help your MSP deliver next-level security services to your customers?

Icon: a speech bubble

Book a call to get your questions answered, learn about our MSP pricing, and arrange a demo.

You may also like…

Grow your MSP/MSSP by securing identities

Grow your MSP/MSSP by securing identities

SMBs are a significant target for identity-based cyberattacks. Learn how you can protect your customers and grow your business by delivering top-tier IAM.

Share This