Stormpath-Okta Customer FAQ

Stormpath has joined Okta! This FAQ is intended to help Stormpath customers and users understand the impact to their applications and how to get help with migrating their applications.

Overview

What’s happening?

  • The Stormpath team has joined Okta. Read more in our announcement blog post.
  • The Stormpath APIs will remain in service until 8/17/2017 at noon PST.
  • On that date and time, Stormpath APIs will be shut down.
  • Stormpath users will be able to migrate their data into Okta, and may also export their Stormpath data to use as desired.
  • Existing framework integrations for Java, Express and .NET will be updated to use Okta over the next several months. These will point your application to Okta with a simple version upgrade and minimal service disruption.
  • If you’re connecting to Stormpath with a different framework, you can still move to Okta, but will need to integrate directly with the Okta API. Please contact developers@okta.com for assistance.

What level of service and support will Stormpath users get within 6 months?

  • Existing Stormpath implementations will be supported during this time, via normal Stormpath support channels. Please email support@stormpath.com for assistance.
  • No new feature development on the Stormpath APIs will occur, but the service will be maintained until 8/17/2017. Ongoing status updates can be found on https://status.stormpath.com. Security, availability, and reliability will remain key values for everyone at Stormpath and Okta.
  • The Stormpath SDKs will be in maintenance mode until 8/17/2017 when they will be decommissioned.

Migration

Can I get my data out of Stormpath?

  • The Stormpath team built an export tool to automate export of data from your Stormpath tenant, including password hashes. You can find more information at https://stormpath.com/export

What is Okta?

  • Much like Stormpath, Okta is an Identity API for Developers, offering authentication, authorization, and API access management for web, mobile, and API services. You can learn more or sign up for a free account at https://www.okta.com/developer/signup/stormpath

How do I migrate my service to Okta?

  • To get familiar with Okta you can sign up for a free-forever developer account at https://www.okta.com/developer/signup/stormpath and start working with the Okta API immediately.
  • You can easily import your Stormpath data into an Okta tenant. Please see http://developer.okta.com/documentation/stormpath-import for instructions, and email developers@okta.com with any questions about the import functionality.
  • Stormpath users have access to normal support channels to answer questions. Please email support@stormpath.com for assistance.
  • Applications moving to Okta can also get assistance by emailing developers@okta.com. Stormpath and Okta product and support teams are working together to ensure a seamless migration path that minimizes pain for development teams.
  • Okta will also offer professional services for migrating Stormpath customers. Please contact your Okta sales representative to discuss further.

Will Okta provide the same features I use in Stormpath today?

  • Many of our features overlap. With Okta you can perform authentication, authorization, social logins, two-factor authentication, SSO across apps, AD/LDAP integration, email customization, SAML integration, and much more. For a more detailed breakdown of feature support, please refer to our compatibility matrix below.

Can I use a Stormpath Framework Integration (like Express, Spring, ASP.NET) with Okta?

  • We are updating the following framework integrations to help Stormpath customers move to Okta. Applications using Stormpath can upgrade their framework integrations to a version that talks to the Okta API. Refer to the feature compatibility matrix below to confirm which features will map over to Okta.
    • Java Spring
    • Java Spring Boot
    • Node Express
    • ASP.NET 4.x
    • ASP.NET Core
  • If you’re connecting to Stormpath with a different framework, you can still move to Okta but will need to integrate directly with the Okta API. Please contact developers@okta.com for assistance.

What if I am using a Stormpath client such as Angular, React, iOS, or Android?

  • The client SDKs will continue working if you are using one of the server-side framework integrations that Stormpath is migrating over.

Can I use the Stormpath SDKs (like Java, C#, and Node.js) with Okta?

  • We are not migrating the Stormpath SDKs to work with the Okta API. Together with the Okta team, we will develop robust, new SDKs for the Okta API, but these may not be available before Stormpath is shut down. Okta has a REST API that provides functionality similar to the Stormpath API. This can be used in the interim while new Okta SDKs are being developed.

What if I choose to change identity providers?

  • You may utilize the Stormpath export tool regardless of how you choose to power identity in your application going forward.

Billing

What happens to my Stormpath subscription?

  • You will continue to be billed by Stormpath until you cancel your subscription, which you can do at any time in the Stormpath admin console. If you have not canceled by 8/17/2017, your subscription will automatically cancel and your data will be securely deleted on that date.

I’ve pre-paid for more than 6 months of service. What happens to me?

  • Please contact support@stormpath.com and Kelsey will assist you with migration and contract resolution.

Is there a free version of Okta?

How much will it cost to use Okta in Production?

Technical

Are you sharing my users’ information with Okta?

  • Not without your consent. However, if you decide to migrate your user data into Okta, then it will be transferred in order to complete the migration.

Will the data export be secure?

  • Security and reliability are our top priorities. Hashed passwords will be a component of your data export, to assist in seamless migration. Your data will be encrypted while being exported via AES256-CBC. The final data will be sent to you in an encrypted zip file that may be unlocked with a password you choose.

What happens to my data after Stormpath shuts down?

  • The Stormpath API and servers will be shut down at noon PDT 8/17/2017. After that point, you will no longer have access to your data. Your data will be securely deleted.

Do I need to plan for downtime for my application?

  • Yes. You will need to plan for some downtime when migrating a production Stormpath application to Okta. You will need to:
    • Pause your service in production.
    • Request an export of your Stormpath data.
    • Import your Stormpath data dump into Okta.
    • Update your production code to talk to Okta.
    • Resume running your service in production.

Will my users have to reset their passwords?

  • No. If you choose to migrate to Okta, your Stormpath password hashes will be moved into your new Okta user accounts. This makes resetting your user passwords unnecessary.

Will OAuth tokens need to be refreshed?

  • Yes. Once you’ve migrated your data to Okta, your users will be logged out and will need to re-login to your application. This is a one-time procedure that should not negatively affect user experience.
     
     
     

Compatibility Matrix

 

| Feature | Available on Okta Today? | Additional Notes |
|---|---|---|
| Protocols | | |
| OAuth 2.0 | Yes | Okta supports the following grant_types: password, client_credentials, implicit, authorization_code |
| OpenID Connect | Yes | Okta is a certified OpenID Connect Provider for the following profiles: Basic OP, Implicit OP, Hybrid OP, Config OP |
| SAML | Yes | |
| Active Directory | Yes, with Caveats | Active Directory Agents will need to be recreated in Okta. Okta supports read / write to Active Directory |
| LDAP | Yes, with Caveats | LDAP Agents will need to be recreated in Okta. Okta supports read / write to LDAP |
| Authentication Methods | | |
| Username and Password | Yes | Via Password Grant |
| Facebook | Yes | |
| Google | Yes | |
| LinkedIn | Yes | |
| Github | No | |
| Twitter | No | |
| Social Generic OAuth 2.0 | No | |
| SAML | Yes | IdP and SP initiated |
| Active Directory | Yes, with Caveats | Active Directory Agents will need to be recreated in Okta. Okta supports read / write to Active Directory |
| LDAP | Yes, with Caveats | LDAP Agents will need to be recreated in Okta. Okta supports read / write to LDAP |
| API Key Authentication | Yes, with Caveats | During the migration, for each API Key (up to 10): The API Key ID & Secret are put into the next open slot on the Okta user profile (attribute is called “stormpathApiKey_[1-10]”). Its format should be {apiKey.id}:{apiKey.secret}. |
| Multifactor Authentication | Yes, with Caveats | Factors will need to be recreated. Okta supports: TOTP, SMS, Voice, Security Questions, Mobile Push, and FIDO U2F. Okta supports geolocation policies for adaptive multifactor authentication. |
| Features | | |
| Custom Data | Yes, with Caveats | Okta supports additional attributes on the User object (account in Stormpath), with Okta’s Schema API. Attributes must be flat (no nested JSON), and are strongly typed. No custom data can be created on other resources in Okta. |
| Custom Data Search | Yes, with Caveats | New query language must be used to perform search. Search only works against User objects. |
| OAuth 2.0 Token Generation | Yes | |
| OAuth 2.0 Token Revocation | Yes | |
| OAuth 2.0 Token TTLs | Yes | |
| Groups | Yes | |
| Organizations | Yes, with Caveats | Okta Groups can be used to label organizational information. |
| Customized Emails | Yes, with Caveats | Okta supports the following email templates: User Activation, Forgot Password, Password Reset by Admin, Unlock Account |
| Custom SMTP Sender | Yes, with Caveats | While Stormpath supported any custom SMTP, Okta currently only supports Sendgrid. |
| Email Whitelist / Blacklist | No | |
| Multi-tenancy | Yes, with Caveats | Okta will migrate organizations over by creating Okta groups with the “org:” prefix to keep the organizational mapping information. Individual users can only exist uniquely once per Okta tenant, so you cannot have multiple accounts with the same username or email. |
| Password Strength Requirements | Yes, with Caveats | Okta does not support diacritics |
| ID Site | No | Okta does not host login screens like ID site. You can, however, implement this functionality yourself by hosting a website that uses the Okta widget. |
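
The API Key Authentication row above says each migrated key lands in a profile slot as {apiKey.id}:{apiKey.secret}. The sketch below is an added example, not Stormpath or Okta code, showing how an application could check a presented key against those slots. The slot names stormpathApiKey_1 through stormpathApiKey_10, the first-colon split, and the function names and sample profile are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed sample of a migrated user profile; all values are made up.
const sampleProfile = {
  login: "jane@example.com",
  stormpathApiKey_1: "SAMPLEKEYID1:sample-secret-one",
  stormpathApiKey_2: "SAMPLEKEYID2:sample:secret:with:colons",
};

// Split "{apiKey.id}:{apiKey.secret}" on the FIRST colon only (assumption:
// the id contains no colon), so a secret containing ':' is not truncated.
function parseSlot(value) {
  if (typeof value !== "string") return null;
  const i = value.indexOf(":");
  if (i <= 0 || i === value.length - 1) return null; // empty id or secret
  return { id: value.slice(0, i), secret: value.slice(i + 1) };
}

// Hash both sides to a fixed length first: timingSafeEqual throws on
// unequal lengths, and a length check alone would leak the secret's size.
function safeEqual(a, b) {
  const ha = crypto.createHash("sha256").update(String(a)).digest();
  const hb = crypto.createHash("sha256").update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Returns the matching slot number (1-10), or 0 when nothing matches.
// Every slot is examined and both comparisons always run, so response
// time does not reveal which slot or which half of the pair matched.
function matchApiKey(profile, presentedId, presentedSecret) {
  let matched = 0;
  for (let n = 1; n <= 10; n++) {
    const slot = parseSlot(profile[`stormpathApiKey_${n}`]);
    if (!slot) continue;
    const idOk = safeEqual(slot.id, presentedId);
    const secretOk = safeEqual(slot.secret, presentedSecret);
    if (idOk && secretOk && matched === 0) matched = n;
  }
  return matched;
}
```

Because the secrets sit in the profile as readable text rather than as hashes, any token or admin role that can read user profiles can read the keys, so scope profile-read access accordingly.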