| Implementation Complexity | Employs microservices architecture for easy integration, customization and maintenance without business interruption. Provides a dedicated dashboard for Managed Services Providers (MSPs) to manage customers and their respective users, with user behavior analytics and metrics on authentication, authorization, and details on what applications are accessed by which user. Facilitates tenant and user creation with a step-by-step wizard requiring minimal to no training. Provides easily customizable mail notification templates. Offers cost-effective implementation plans. | Comes packaged in a single project, which makes understanding the framework and codebase time-consuming. No dashboard available to provide metrics - metrics are available only if Keycloak is integrated with Grafana or any other monitoring tool. Customization of user activation and other mail notifications templates is cumbersome - it requires creating a theme with the necessary configuration to extend KeyCloak, and there is also insufficient documentation on this process. |
| Documentation & Support | Ensures cost-effective 24x7 support and provides detailed documentation. | Provides limited online support and documentation, resulting in time-consuming debugging. |
| Infrastructure Deployment | Deployed on a highly secure environment utilizing Kubernetes clusters and an Istio service mesh to ensure all traffic flows through a secure tunnel. Includes robust backup and failover mechanisms for deployed cloud resources, along with a monitoring system that continuously tracks each cloud resource. Sends immediate notifications to the DevOps team in the event of an incident for rapid resolution, ensuring high application availability. | No readily available deployment infrastructure. |
| Infrastructure Costs and Management | Manages all client instances through a K8s cluster environment allowing for ‘true' multi-tenant architecture that optimizes cost and facilitates efficient management of all the instances. | All client instances need to be individually managed. |
| Nested Multi-Tenancy | Allows for multiple levels of sub-tenants within each tenant along with their own administration console | Available. |
| Identity broker | Enables you to integrate with and leverage any existing identity provider in the organization. | Enables you to integrate with and leverage any existing identity Provider in the organization. |
| LDAP & AD Integration | Provides readily available connectors for AD and LDAP, and can be connected through Akku's wizard. | Providers readily available connectors, but requires Keycloak-specific domain knowledge to integrate. |
| SAML Authentication | Provides a customized UX to facilitate easy configuration with no specific domain expertise required. | Available, but requires Keycloak-specific domain expertise. |
| OpenID | Provides a customized UX to facilitate easy configuration with no specific domain expertise required | Available, but requires Keycloak-specific domain expertise. |
| OAuth2 | Provides a customized UX to facilitate easy configuration with no specific domain expertise required. | Available, but requires Keycloak-specific domain expertise. |
| SSO | Provides plug-and-play SSO with white-label options. | Available. |
| Single Logout | Enables single logout functionality, ensuring that when a user logs out of Akku, all integrated applications are automatically logged out. | Not available. |
| Desktop SSO | Allows users to log in from their Windows laptop or desktop and seamlessly access configured service provider applications without requiring additional authentication. | Not available. |
| SSO with Credential Replay | Allows for SSO to legacy apps that do not support federated authentication using Credential Replay | Available. |
| Configurable SSO App Dashboard | Allows the user to configure their SSO dashboard to add, remove, display or hide the listed apps. | Not available. |
| Configurable / Auto App Arrangement in Dashboard | Allows users to arrange apps in the SSO dashboard into folders, ordered by most frequently used, alphabetically or based on user preference. | Not available. |
| Preferred Browser SSO | Allows the administrator or user to select the preferred browser on which each SSO application launches, based on which browser each app works best on. | Not available. |
| Auto Launch SSO Apps | Allows the administrator or user to select apps that have to be launched with SSO automatically when the machine starts. This requires Desktop SSO to be implemented. | Not available. |
| MFA | Provides multi-factor authentication (MFA) and adaptive MFA (AMFA) with a range of factors including push notification, face/touch, Google Authenticator and OTP based authentication. | Available. |
| Password Policy | Enables comprehensive password policy management, including length, complexity, expiration, and prevention of reuse. | Not available. |
| Configurable Auto Account Unlock | Enables locked user accounts to be automatically unlocked within a specified duration | Enables locked user accounts to be automatically unlocked within a specified duration. |
| Mobile Password Management | Allows users to manage their passwords using their mobile devices. | Not available. |
| Locked Out User Password Reset & Account Unlock | Allows locked out users to unlock their accounts or reset their passwords. | Not available. |
| Password Sync | Allows synchronization of users' passwords from the directory to all their apps that require credential replay for SSO. | Not available. |
| Roaming User Password Management | Allows for the password in the machine cache to be updated upon change or reset of password from outside the directory domain network. | Not available. |
| IP-based Restriction | Enables allowing access to applications only from authorized IPs through a simple configuration process. | Enables allowing access to the admin console only from certain IPs. |
| Location-based Restriction | Provides a facility to restrict access to users from a particular location. | Not available. |
| Device-based Restriction | Provides a dedicated access manager that enables allowing access only from authorized devices, and also allows integration with third party applications. | Not available. |
| MDM | Enables authorization, blocking, and revocation of access on individual devices including enforcing passcodes and remote data wipe. | Not available. |
| Provisioning / Deprovisioning of Applications | Provides application provisioning based on Akku's role-based access control (RBAC) as part of user onboarding, with single click deprovisioning across all applications. Provisioning is achieved through a dedicated provisioning engine with dedicated connectors to each target application. | Not available. |
| Subscription & User Management of Third-party Apps | Provides this functionality, with SAML 2.0 integration already done with 100+ SaaS applications | Not available. |
| Reports | Provides detailed audit logs for tracking all events related to access and session usage, enabling reports to be generated for specific time periods and for specific users and the applications they access. Also allows Build Your Own Reports at each tenant level. | Provides basic reports on active sessions and user sessions that are not easy to understand. Does not provide Build Your Own Reports functionality. |
| SaaS Application Usage Analytics | Provides daily monitoring of user activity track effective usage. Provides usage statistics to the tenant administrator, enabling informed decisions on deprovisioning users who are not actively utilizing integrated applications, which directly relates to effective utilization and cost management of SaaS applications. | Provides usage analytics, but there is no specific intelligence provided to allow administrators to monitor and optimize licenses based on usage of SaaS applications. |
