I’ve used and implemented both. A case can be made for Google Workspace as an IDP if you don’t need all the bells and whistles. It is extremely secure and generally, engineering practices at Google give me much more confidence than Okta.
I’ve spent quite a lot of time interacting with Okta support over system issues and frankly that experience does not leave me assured. My sense is that perhaps they’re wrangling software that has grown exponentially in size and complexity as they try to accommodate the myriad use cases.
I've used and implemented both too. You immediately outgrow Google Workspace as an IDP whenever you need to do role-based access control, like AWS Session Manager for machine access instead of long-lived SSH keys. Which is a pretty major shortcoming for an IDP to have.
I'm not suggesting everyone should use Okta either. Frankly I'm not the biggest fan of it myself. But I wouldn't argue it's less secure than Google Workspace when the big G forces you to work around its limitations with less secure implementations.
100%, living this for many years. Google IDP is great for a shop who doesn't need elaborate identity needs. It quickly falls apart when trying to manage an enterprise of any complexity.
Okta is quite flexible and supports a lot of tech you want (WebAuthn/SCIMv2 provisioners for popular platforms/all the SSO/API integration/workflows), but comes with its own set of warts and dysfunction (API rate limits, quirky AD integration with anything complicated).
Probably any of them would be suitable, if you are comfortable building your own custom tooling AROUND their APIs. Almost none of them will do exactly what you need out of the box.