Introducing the Okta Identity Engine

Today, we are excited to announce that Okta is unlocking the foundation of the Okta Identity Cloud. We’re turning over the Okta Identity Engine—a set of customizable building blocks for any identity experience—to you and your teams so that you can build trusted, seamless customer experiences that are tightly coupled with the rest of your technology stack. Put simply, the Okta Identity Engine makes limitless identity uses possible by making Okta fully customizable.

The Okta products you know and love have always followed pre-determined flows for authentication, registration, and authorization, and required distinct steps and checks for user verification. The Okta Identity Engine breaks these flows into composable steps, allowing for an expansion of customer and workforce identity use cases, and total customization per step. Each of these steps can be driven by the context of the user, specifically through an intent, an application, a device, or a network. As part of this evolution, Okta is unveiling passwordless users, enhanced progressive profiling to limit friction, and per-app branding capabilities—all composable and customizable out-of-the-box.

To see this in action, we might look under the hood of a typical user registration flow: a fan buying a ticket for the first time.

  • The fan goes to a ticketing website and decides to register in exchange for a first-time user discount. To register, the user is prompted to enter their name and email address.
  • Subsequently, an Event Hook pushes the user into the company’s email marketing system (e.g., Marketo). The user is now activated and can freely browse the website.
  • Sometime later, the user decides to make a purchase, at which time another set of flows can occur because a more sensitive experience is being accessed.
  • Starting with the click to purchase, the user is emailed a magic link to validate their email and register it as an authentication factor. Because the user has indicated higher engagement, the system can prompt for additional information (known as progressive profiling), asking for geographic and other contextual information.
  • Once completed, the flow can authorize the user to use other company products, such as a payment app.

Each of these individual steps and components can be tweaked and customized based on organizational needs with minimal custom code.

The first set of use cases for the Okta Identity Engine includes:

  • Passwordless user: Allows enterprises using Okta to, through simple UI configurations, build secure registration and authentication experiences without passwords. By using contextual data such as application and geolocation, and factors such as email, push or FIDO, developers can easily create a seamless user experience where a user is never prompted to enroll a password.
  • Progressive profiling: Prompts users for additional profile information only when required, eliminating long registration forms that can lead to abandonment.
  • Per-app branding: Provides the control to quickly create unique, app-specific branding throughout the registration and authentication workflow of an application.

The Okta Identity Engine is the newest upgrade to the Okta platform. The combination of the Okta Identity Engine and Okta Hooks allows us to build and support trusted, tailored user journeys with secure, customer developer customization.


The Okta Identity Engine will be included in all existing Okta products. Customers will be able to use the applicable components of the Okta Identity Engine for the Okta products they have licensed. Okta expects that it will begin upgrading customers in the second half of 2019. Initial capabilities of the Okta Identity Engine, such as a passwordless user, progressive profiling with required attributes, and per-app branding of the Hosted Okta Sign-in Widget, are available in beta today. For more information, visit: