Choosing an identity and access management (IAM) solution isn’t just a technical decision, it’s strategic. It affects how your team works, how secure your data is, and how much time and money you spend managing users, devices, and access. If you’re in the not-for-profit sector, where budgets are tight and resources are stretched, the stakes are even higher.
Two of the most talked-about platforms in this space are Okta Essentials and Microsoft Entra P2 (formerly Azure AD Premium P2). Both are powerful. Both are widely adopted. But they’re not created equal, and depending on your organisation’s setup, one might be a much better fit.
Let’s unpack this.
Why Identity Management Matters More Than Ever
Before diving into the comparison, it’s worth pausing to ask: why does identity management matter so much now?
Well, the short answer is: everything’s digital. Staff, volunteers, contractors, they’re all accessing cloud apps, internal systems, and shared data from multiple devices, often remotely. The old perimeter-based security model doesn’t work anymore. Identity is the new control point.
So, your IAM platform needs to do more than just log people in. It needs to:
- Authenticate users securely (ideally with multi-factor authentication).
- Control access based on risk, location, device compliance, and more.
- Automate onboarding and offboarding.
- Provide audit trails for compliance.
- Integrate with your existing tools.
And ideally, it should do all that without creating extra work for your IT team.
Microsoft Entra P2: Deep Integration, Rich Features, and NFP-Friendly Pricing
Let’s start with Microsoft Entra P2. If your organisation already uses Microsoft 365, Teams, Intune, or Windows devices, Entra P2 is probably the most natural fit. It’s designed to work seamlessly with the Microsoft ecosystem, which means fewer headaches and better security alignment.
Here are some of the standout features:
1. Conditional Access and Risk-Based MFA
Entra P2 offers advanced conditional access policies. You can set rules based on user risk level, device compliance, location, and more. It’s not just “yes or no” access, it’s nuanced, context-aware access control.
Risk-based MFA is another big win. Instead of prompting for MFA every time, Entra P2 can assess the risk of a sign-in and decide whether extra verification is needed. That means better security without annoying your users unnecessarily.
2. Privileged Identity Management (PIM)
This is a feature that’s often overlooked but incredibly valuable. PIM allows you to assign admin roles temporarily, just-in-time access. So, someone can elevate their privileges for a task, and then automatically lose them after. It’s a smart way to reduce standing admin rights and limit exposure.
3. Identity Protection and Access Reviews
Entra P2 includes Microsoft’s Identity Protection engine, which uses AI to detect risky sign-ins and compromised accounts. It’s like having a security analyst watching your environment 24/7.
Access Reviews let you periodically check who has access to what, and whether they still need it. It’s a governance feature that helps prevent permission creep.
4. Lifecycle Automation
Onboarding and offboarding users can be a pain. Entra P2 supports automated joiner-mover-leaver (JML) processes using entitlement management. It’s not perfect, but it’s powerful, and it’s getting better with each update.
5. NFP Pricing
This is where things get really interesting. Microsoft offers Entra P2 at up to 75% off for eligible not-for-profits. That means you can get enterprise-grade identity governance for a fraction of the commercial price. Okta doesn’t publish NFP pricing, and matching Entra P2’s features would likely require multiple paid add-ons.
Okta Essentials: Flexible, Cloud-Friendly, But Limited at the Base Tier
Okta is often praised for its flexibility and ease of use. It’s cloud-native, vendor-neutral, and integrates well with a wide range of SaaS apps. If you’re in a multi-cloud environment or trying to avoid vendor lock-in, Okta might appeal.
But the Essentials tier, the one most comparable in price to Entra P2’s NFP offering, has some limitations.
1. Adaptive MFA and SSO
Okta Essentials supports adaptive MFA and single sign-on (SSO), which are table stakes for any IAM platform. The MFA policies are solid, and Okta’s user experience is generally smooth.
2. App Provisioning and SCIM Automation
Okta shines when it comes to provisioning users into SaaS apps. It supports SCIM (System for Cross-domain Identity Management) and has a broad app catalog. If your organisation uses a lot of non-Microsoft apps, this could be a plus.
3. Lifecycle Workflows
Okta has good lifecycle automation capabilities, even at the Essentials tier. You can build workflows for onboarding, role changes, and offboarding. But again, to match Entra P2’s governance features, you’d need to upgrade or add modules.
4. Limited Governance and Risk Detection
This is where Okta Essentials starts to fall short. It doesn’t include full identity governance, access reviews, or AI-driven risk detection. You can get some of these features with higher-tier plans, but that adds cost and complexity.
Feature-by-Feature Comparison
Here’s a simplified snapshot of how the two platforms stack up:
| Feature | Microsoft Entra P2 | Okta Essentials |
|---|---|---|
| SSO | ✅ | ✅ |
| MFA | ✅ (risk-based) | ✅ (adaptive) |
| Conditional Access | ✅ (advanced) | ✅ |
| Identity Protection | ✅ | ⚠️ (limited) |
| Lifecycle Automation | ✅ | ✅ |
| Privileged Identity Mgmt | ✅ | ❌ |
| Access Reviews | ✅ | ⚠️ (partial) |
| Integration with Intune | ✅ | ⚠️ (via API) |
| Audit Logs | ✅ (advanced) | ✅ |
| API Access Mgmt | ✅ | ✅ |
| IGA Suite | ✅ | ⚠️ (partial) |
| Advanced Analytics | ✅ | ⚠️ |
| Admin Role Delegation | ✅ (time-bound) | ✅ |
So, Which One Should You Choose?
If your organisation is already using Microsoft 365, the answer is probably Entra P2. The integration is tighter, the security features are richer, and the pricing, especially for NFPs, is hard to beat.
Okta might make sense if you’re in a highly diverse tech environment or if you need best-in-class provisioning across a wide range of SaaS apps. But for most organisations, especially those trying to simplify and consolidate, Okta Essentials ends up being an added expense with limited upside.
And that’s not to say Okta isn’t a great product. It is. But when you compare what you get at the Essentials tier to what Entra P2 offers, especially at NFP pricing, it’s hard to justify the extra spend.
Final Thoughts
Identity management is one of those areas where the right choice can quietly save your organisation time, money, and risk. The wrong choice? It can lead to fragmented systems, frustrated users, and security gaps.
Microsoft Entra P2 isn’t perfect. No platform is. But it’s deeply integrated, feature-rich, and priced to support not-for-profits. For many organisations, it’s not just the better IAM solution, it’s the smarter strategic move.
If you’re still on the fence, consider running a pilot. Try Entra P2 in a small part of your organisation and see how it fits. You might be surprised how much easier things get when your identity platform just works, with everything else you already use.
Need help implementing Microsoft Entra P2, or Okta? Get in touch, we’d love to help.
managed it support articles
Related Blog Articles
Discover more insights to optimise your business with the latest IT trends and best practices. Stay ahead of the curve by learning how to leverage cutting-edge technology for success. Explore expert advice and valuable guidance to navigate the evolving world of IT solutions
