Okta vs AWS SSO comparison as an SSO solution

Which is the best option for SSO implementation: AWS SSO vs Okta? I'm specifically looking for the advantages and disadvantages of each service to identify the best suitability for my system. These considerations have the most weight:

  1. Cost

  2. Integration - Support for integration with existing directory services and mobile/web applications (SAML, ADFS, etc)

  3. Ease of accessing logs for audit

Phytophagous answered 2/7, 2020 at 0:19 Comment(0)

In short, Cognito is an identity broker, which can connect to other identity providers (IdP) to realize the authentication/authorization requirement, whereas Okta is an Identity Provider. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_federated-users.html

You can set up OKTA as a SAML IdP in a Cognito user pool (https://aws.amazon.com/premiumsupport/knowledge-center/cognito-okta-saml-identity-provider/).

You can also configure federated authentication with other third-party providers like Facebook, Google, etc. using Cognito. Cognito also has its own user store.

To realize authorization requirements using Cognito, you need to use an identity pool, which can authorize the invocation using the AWS Identity and Access Management (IAM) service. https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/#:~:text=User%20pools%20are%20for%20authentication,for%20authorization%20(access%20control).

So if your SSO requirement is tied with AWS managed service invocation like API Gateway or Lambda integration, then Cognito is the most natural choice. Otherwise, if you need a robust, featured, industry-wide Identity Provider then OKTA can be the choice. https://www.trustradius.com/compare-products/amazon-cognito-vs-okta

Regarding pricing, Cognito is cheaper than Okta, I think. There is a Free Tier option in Cognito too. https://aws.amazon.com/cognito/pricing/

After the free trial, OKTA will charge $2/user/mo for SSO (https://www.okta.com/pricing/), whereas Cognito will charge $0.0055/user/mo, which is far less.

Hope this will help you to take your decision.

Xylotomy answered 2/7, 2020 at 6:21 Comment(2)
Actually, all our resources are on-premise, including our AD. We also would like to know if AWS SSO would work on that kind of setup. – Phytophagous
OKTA is one of the robust solutions for SSO. It has 91% positive reviews on Gartner Peer Reviews and earned the top spot in the last Gartner Magic Quadrant. (learn.g2.com/single-sign-on-solutions-sso) If you don't have any constraint in a hybrid solution, you can go with AWS Cognito; it is a cheaper solution, I believe. Also, if you are using Microsoft AD, then Active Directory Federation Services (AD FS) is an option to support SSO. – Xylotomy
