Last updated: Sep 16, 2019

Integration detail

Kong API Gateway


Kong API Gateway integrates with Okta API Access Management (OAuth as a Service) to secure internal and external API traffic in two different deployment scenarios:

  1. An authorization-tier integration, where authentication happens outside of Kong. A web application handles authentication against Okta, acquires an access token, and sends that access token to Kong on behalf of the end user.
  2. Kong itself handles authentication against Okta and passes user info to upstream apps.

The Challenge

  • API production and consumption is exploding, overburdening IT teams
  • Microservices, partner integrations, and public APIs are driving this growth
  • Securing all these APIs is harder – and more important – than ever
  • Asking each engineering team to implement their own API security is wasteful and risky

The Solution

API consumers authenticate once through Okta, and receive an access token

Kong enforces token validity when consumers try consuming APIs

API consumers can easily access the APIs they’re authorized to access—and only those

Okta also secures the developer portal and Kong admin access

Federated Single Sign-On

Secure APIs without sacrificing agility

Whether public-facing or internal-only, APIs should be accessible only to authorized parties. Previously, implementing API access control required each engineering team to independently build and maintain security at the service or application level. Now, by delegating security to Okta + Kong, engineering teams can move quickly without compromising the safety of enterprise assets.


Enjoy intuitive, standards-based integration

Okta and Kong work perfectly together because each implements identity and access management standards like OAuth and OpenID Connect. Employees, partners, and other authorized end users can easily understand and quickly implement the integration, because it’s based on open standards.


Add a developer portal and API analytics

Integrated, Okta and Kong bring together admin access, a developer portal for teaching consumers how to use your APIs, and an analytics feature for understanding how your APIs are being used, in one complete, easy-to-manage API experience.


Secure and manage access to APIs and developer tools

  • Okta + Kong connect quickly to implement speedy API access control
  • Standards-based integration makes the Okta + Kong combination easy to understand, implement, and extend
  • Okta secures Kong’s API developer portal and administrator access for seamless control
  • Dev teams regain agility once they’re freed from building and maintaining API security, analytics, and documentation
Okta Verified
The integration was either created by Okta or by Okta community users and then tested and verified by Okta.