TFS Gateway



Okta, Inc. is an identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and helps developers build identity controls into applications, websites, web services and devices.


Since Okta is an Identity Provider, the integration between TFS Gateway and Okta makes use of the Okta features that the organization is licensed to use, especially around authentication of users and federation to other services. The Workforce license of Okta includes features such as the AD Agent for reading from AD and the LDAP Agent for reading from an LDAP directory.

Okta continues to create features in areas such as authentication. It has launched its own “workflow” feature and web hooks, which might be appropriate for some organizations. TFS Gateway, however, takes a product approach to solving the requirements that organizations have and that are not solved by the “out of the box” Okta service. Okta’s professional services can offer customization and integration at a fairly high Time and Material cost. Outside the US, this cost can be even higher.

Okta has a strong product in its concept of Universal Directory, where all information that is pushed to or pulled from applications and directories is stored. Because of this, Okta defines itself as a Meta Directory, but in reality it is yet another directory that needs to be kept in sync with the surrounding applications and directories.

Some examples of TFS Gateway Services features that help with your Okta implementation:

  • Instead of using Okta Workflow and Webhooks, TFS Gateway can monitor the Okta Event Log and act on events, such as added users or group memberships, by performing actions controlled by source code that can be maintained with normal source code management measures in the TFS Gateway service.
  • Push group information to AD without affecting AD other than as a source of management for the memberships, and possibly create groups in AD that reflect group management in Okta, without individual group configurations.
  • Update the Okta profile with information from an outside source, with more flexibility in the choice of source. Most commonly that source is Azure AD, which Okta cannot use as a master today.