Multi-tenancy |
Multi-tenancy | Descope is multi-tenant by design and can support advanced B2B enterprise requirements. Tenants can easily be created and managed from the console or Management SDK. Easily control session management, password settings, and permission controls at a tenant level.
| With PingFederate, control session management and password settings at a tenant level. Permission controls are complicated to implement at a tenant level in the Ping Dashboard, but can be done programmatically.
|
“This is the fastest implementation of RBAC in a product I’ve ever seen.” - Co-Founder and CEO |
SSO |
SSO | Strong support for both SAML and OIDC SSO with full self-service configuration. Use identity federation to unify customer identities across all business-facing apps. Create custom onboarding journeys for each app.
| Static SSO that lacks the ability to pass custom user and tenant parameters in real-time. Lacks use cases such as routing to multiple IdPs in real-time and IdP-initiated SSO without the user needing to input their email.
|
"Every B2B SaaS app needs to think about SAML and access control from Day 1. Descope helps us offer these capabilities to our customers with minimal engineering effort." - Co-Founder |
SSO provisioning |
SSO provisioning | Descope’s SSO self-service flows allow your customers to easily set up their app with their own IdPs. | No self service provisioning supported. Customers must interact with Ping Identity admins in order to correctly configure SSO. |
|
User journeys |
User journeys | No-code workflows to create and customize flows such as user invites, step-up auth, user merging, and identity orchestration. | Non-workflow based approach to user authentication, much less flexible in developing user journeys. DaVinci exists as an add-on that does support creating workflows, but at an additional cost and requires additional implementation work.
|
"The Descope Flows feature is exceptional and super intuitive! While we try to enhance customer experience, our own experience with Descope has been delightful.” - Co-Founder |
Delegated administration |
Delegated administration | Self-service, embeddable widgets for a variety of end user actions: user and role mgmt, access key mgmt, audits, and user profiles. | No delegated admin support. Creating self-service experiences for end users needs to be done in-house or with lots of custom implementation work. |
|
Risk-based MFA |
Risk-based MFA | With Flows and connectors, you can easily create branching user paths based on risk scores ingested from 3rd-party fraud services like reCAPTCHA. | Risk-based MFA is more complicated to implement because of the lack of built in features like bot detection and impossible traveler detection. Setting up risk-based MFA is restrictive since conditions can’t be easily created based on native or third-party risk scores.
|
|
Authorization |
Authorization | Add fine-grained and tenant-aware authorization (RBAC, ReBAC, ABAC) capabilities to your app. Utilize custom JWT claims to define access controls for your app. Assign user roles and permissions based on workflow conditions.
|
|
|
SCIM provisioning |
SCIM provisioning | Automated or on-demand user provisioning and deprovisioning. Integrations with major IAM systems ensure synchronization of user data across systems. Self service SCIM provisioning with access key widget.
|
|
|
Future-proofing |
Future-proofing | Workflow-based approach that makes it easier to modify user journeys without redeploying the app. | Non-workflow based approach to user authentication, requires code to be changed and re-deployed if user journey needs to change. DaVinci exists as an add-on that does support creating workflows, but at an additional cost and requires additional implementation work.
|
|
