Bitium - Review 2022

Bitium (which begins at $3 per user per month for a minimum of fifty users) is the result of ii Software-as-a-Service (SaaS) users at a development visitor identifying a need in their ain organization, namely a tool to tie multiple disparate cloud apps into a single, manageable platform. With this need identified, the coworkers realized they had the development chops to build it and Bitium was born. Its roots give it a solid focus on two core use cases: administrators (admins) requiring manageability and oversight as well equally users looking for increased productivity and efficiency. The result is an innovative identity direction (IDM) solution, and while it still lags behind Editors' Choice winners, Centrify and Okta Identity Direction, Bitium has seriously stepped up its game since the concluding time we reviewed information technology, especially in regards to connecting with on-premises Microsoft Active Directory (AD) stores.

New Setup Organisation

The initial setup process for Bitium is similar to other IDM solutions, requiring a business email accost (meaning that users of popular personal electronic mail providers, such every bit Gmail, Hotmail, or Microsoft Outlook accounts, need not apply) and some other bones contact information. Once your email address is confirmed, the Bitium account becomes active and you can begin configuring users and applications.

Bitium tin connect to the usual third-party identity suspects such as Advertisement, Lightweight Directory Access Protocol (LDAP) directories, or leverage Google Chiliad Suite as a user source. You can besides import identities from Namely and BambooHR, ii SaaS-based man resource (HR) apps. Integrating with an HR application is the ideal solution in terms of streamlining user management, because it reduces the administrative workload and often allows for additional automation based on user attributes.

In our previous review of Bitium, we dinged the service for not offering an agent-based solution for customers needing to integrate with AD. Since then, Bitium continues to allow you lot to connect past using LDAP over SSL (LDAPS), while also offer agent-based connectivity for Microsoft Windows, various flavors of Linux, and Apple'southward OS X. Both options have their place: software agents offer simple connectivity, but crave a high level of trust with the vendor. LDAPS provides a direct link to your directory. But, they crave firewall rules in order to let Bitium accomplish Advertizement, though they give you a scrap more command over the security aspects of the directory connexion. The key point isn't that one option is better than the other (that'll depend on your organizational needs) but that Bitium gives customers the ability to choose any method they demand. Though they require a bit more configuration, AD shops also take the ability to integrate into Bitium using Microsoft Active Directory Federation Services (ADFS) or Azure Active Directory (Azure Ad). In both cases, you lot enable connectivity using a Security Assertion Markup Language (SAML) connection and walking through a ready of well-documented steps on both sides of the connection.

User Provisioning

Having configured the AD agent or other synchronization method, your corporate users and groups will be synchronized into Bitium, along with group memberships. Once synchronized, apps tin can exist assigned to users or (ideally) groups. As is common with most identity direction suites, in one case the relationship between an application and an Active Directory-based group is established, users volition automatically proceeds admission to the app when they are placed in the advisable grouping.

Using Bitium to let your users authenticate to third-party SaaS applications is merely a matter of searching for the app in Bitium'due south app catalog (in most cases) and performing a few basic configuration steps. There may be applications that aren't listed, in which case an email to Bitium's back up team will go things rolling in terms of getting the awarding added to the itemize. For SaaS applications that support automated user provisioning using standards or an API, Bitium can handle creating users, assigning licenses, and managing permissions in the app. That minimizes the manual endeavour that admins need to shoulder and saves the organization coin. Bitium even offers provisioning to a select few SaaS applications (specifically HubSpot) that don't offer automated provisioning by emulating the form-based data entry process you'd normally use to create private users.

While Bitium does offer support for multiple directories, its focus isn't on combining identities from multiple sources and managing the flow of circuitous aspect-based data. Bitium's focus is squarely on the virtually common identity management use instance: pulling user information from a HR management system, provisioning users in the SaaS apps they demand, and even de-provisioning these accounts one time an individual has left the company. These administrative tasks may only take minutes for an individual user, but when you lot're because hundreds or thousands of users the task quickly adds upwardly to a total-time chore. In add-on to the time and money concerns, security and compliance are a major Bitium focus, specially in grooming of It and security audits.

I other labor and cost-saving capability Bitium offers is the Mobile Password Recovery choice. Using a registered mobile device (currently express to Android devices) users with the Bitium Mobile app tin reset their Active Directory password using their mobile device rather than having to interface with corporate IT. That sounds small-scale, merely it tin can have a large impact on decreasing lost productivity and reducing helpdesk calls.

Single Sign-On (SSO)

Like many IDM solutions, Bitium offers a Single Sign-On (SSO) portal for users, along with browser plug-ins and mobile apps that extend the SSO experience. Within the SSO portal, Bitium not but includes a dissever surface area for users to store credentials for personal web apps (those outside the purview of corporate Information technology), only this personal section must be associated to a personal email business relationship. That lets a user retain these credentials in one case she separates from the arrangement.

Bitium offers a scattering of features that you won't find in the other IDM solutions we've reviewed. One example is offering SSO bookmarks to specific locations in tertiary-party SaaS apps. Nigh IDM providers allow you to automatically cosign users to their applications, and Okta fifty-fifty breaks out private apps from a single provider such equally Gmail, Google Calendar, and Google Drive (for Work). What Bitium offers is the ability to create bookmarks to locations within the SaaS app and betrayal that in the user portal. This procedure requires the browser plugin and some know-how, but once you master the process it'due south fairly straightforward to knock out a handful of bookmarks in only a few minutes.

Another innovation is the ability to leverage Google Grand Suite SSO to SaaS apps that don't offer SAML authentication. That gives you a more secure alternative to simply configuring apps with saved passwords. The general idea here is that many SaaS apps offering Google as an authentication method, and Bitium can be used to perform SSO authentication using Google as a become-betwixt. Bitium can also manage password changes for countersign vault-based SaaS apps, using randomized passwords to maintain strong security. Finally, Bitium offers KeyVault, which allows you to store and share things like WiFi or VPN credentials and software keys—things that don't fit the standard username and password modality. Many of these features are adequately commonplace in password managers, just don't seem to be popular features in IDM solutions.

Nosotros've consistently identified security policies and multi-factor authentication (MFA) equally critical security features for IDaaS solutions. Bitium offers both of these critical features, merely its implementation doesn't compare favorably with those of competitors like Okta Identity Management and OneLogin. Bitium supports one-fourth dimension passwords from Google Authenticator (or a compatible service such as Twilio Authy or Microsoft Authenticator) or Duo Security. While additional back up for multifactor providers is certainly a plus, and lack of such may well be a deal breaker for some organizations, the existing options are perfectly sufficient for most. Meanwhile, Bitium's security policies are becoming a forcefulness. IP-based policies can be configured organization-broad or can be tied to a specific user, group, app, or to an MFA policy. Additionally, these IP policies tin can be past an actual IP address range or be based on a geo-location data betoken, like the user's country, and fifty-fifty as a whitelist or a blacklist.

Two areas where Bitium doesn't offer the same level of functionality as competitors similar Azure Advertisement, Okta, and Ping Identity PingOne are consumer identity management and authentication to on-premises applications. The latter refers to applications still hosted on-site in the corporate network. Bitium offers two ways to integrate with such apps: Outset, its cadre SAML and password vaulting SSO functionality, or the Bitium Application Services Endpoint (B.A.Southward.E) prepare of developer tools that help y'all create custom hallmark services for on-premises or B2B apps with corporate partners. While both of these options are viable, they'll require pregnant know-how in the case of the B.A.S.E APIs, and boosted networking configuration to support SAML. Consumer identities aren't currently a focus area for Bitium, meaning companies with customer-facing apps may want to look at options such as Centrify or Azure Advertizing. Just Bitium'due south priorities are largely dictated by its customers, and then it's not completely off the table for the future.

One area nosotros miss from Bitium is its App Spend feature, which is now deprecated. App Spend gave you a gear up of tools to monitor the toll of your SaaS applications and identify areas where your business was potentially overspending. It's hard to knock Bitium for choosing to drib a feature that was a differentiator in the IDM infinite, and truthfully there are other ways to rails the same sort of data, but information technology seemed like an obvious win for companies looking to keep their spending efficient.

Innovative Reporting

Bitium has several feature areas that fall under the category of reporting. The organizational insights dashboard, for example, rates your organization on major security categories, helping administrators place areas for improvement. The administrative department labeled reports has a handful of dashboard-like canned reports, showing data such every bit app usage, password duplication or weakness, and other similar data points. The event log shows more than of the audit-level data, which tin be exported to CSV.

Though information technology's not a traditional reporting capability, Bitium implements a slick feature called "Tasks." Substantially, Bitium attempts to place administrative actions you need to accept and places them in a to-do list for you to knock out as time permits. Information technology's a low-impact manner of fixing configuration problems that doesn't generate a bunch of email traffic you eventually melody out. One weakness of the Tasks feature, however, is that there doesn't announced to exist a way to perform bulk actions. That means using it as a management tool tin can become repetitive and cumbersome.

Bitium's newest reporting-like adequacy is based on Webhooks, which give you a very flexible method of tying events to a logging and alerting service similar Splunk or Datadog, or even rolling your own corporate logging service. Using web standards like HTTP (Hypertext Transfer Protocol) and JSON (JavaScript Object Notation), Bitium can easily exist configured to transport notifications when things like an hallmark failure or a mobile countersign reset occurs. This is potentially very powerful stuff, both for security and productivity reasons. Receiving an early warning almost potential security incidents or failed authentication to a business organization-critical application could take a significant affect on the corporate bottom line and the IT admin's job security.

The Mid-Level Price Is the Sweetness Spot

With pricing tiers ranging from $3 to $8 monthly per user, Bitium is right in line with much of the contest in terms of raw numbers. The issue is that the entry-level Business tier precludes integration with Active Directory, and only offers basic provisioning support. For $v monthly the Business concern Plus plan adds Advertizing-integration and group and policy management. The Unlimited level gives y'all everything, including full provisioning, KeyVault, and integration with Hr systems.

Bitium is a solid production that covers most of the key features identity-conscious Information technology managers seek, accompanied with competitive pricing. That makes it perfectly fine for small to midsize businesses (SMBs). However, its key shortcomings, notably support for multiple directories and limited value-added for on-premises apps, hateful that larger businesses will probably demand to go along looking.

Source: https://sea.pcmag.com/onlinecloud-backup-services/16385/bitium

Posted by: andrewshingeathist1980.blogspot.com

Share this post