Okta Launches New Identity-Driven API Access Management Product

New Product Enables Developers and IT to Connect Applications and Services Securely to Any API

Las Vegas — Aug. 30, 2016 — Today at Oktane16 in Las Vegas, Okta, the leading provider of identity for the enterprise, launched a new product to secure APIs for businesses that are building products, sharing data with partners, and enabling third-party developer ecosystems. Okta’s new API Access Management product solves modern challenges for both developers and IT. Every API developer must define which apps, devices and people can connect to an API, and how. Additionally, IT leaders must enable developer productivity across disparate teams while implementing consistent security controls over sensitive systems of record. While OAuth 2.0 has become the modern standard for API authorization, organizations still working with traditional solutions face significant challenges, including the costs of operating, scaling and securing on-prem software, and the complexity of maintaining fragmented custom-coded policies. With this new capability fully integrated to the Okta Identity Cloud, IT leaders and developers can now, for the first time, centrally maintain one identity and one set of permissions for any employee, customer or partner, across every point of access: app, API or device.

Businesses are building APIs to reduce the time to market for new applications and services by enabling the reuse of existing systems of record. To achieve the full agility that these APIs create, developers need a method for securing access that is equally nimble. Okta API Access Management reduces development time, boosts security, and enables seamless end-user experience by providing teams across an organization with a unified portable service for authorizing access to any API based on user, app, and device context that is secure and always available.

“Companies everywhere are transforming their business and going digital. They have to deliver and secure new technology-powered user experiences for their employees, partners and customers that span existing on-premises and new cloud services,” said Eric Berg, Chief Product Officer at Okta. “Okta plays a key role in securing user access for digital experiences and with our new API Access Management product, we extend from managing identity into managing service-to-service access. We’re enabling rich, secure user experiences while also making it easy to centrally administer API access policies across all of your apps.”

Okta API Access Management includes:

  • OAuth 2.0 API authorization. Okta API Access Management has standard-compliant OAuth 2.0 support for any app or service.
  • Flexible identity-driven policy engine. Designed for every type of user and service, Okta API Access Management leverages Okta’s rich core policy engine so administrators can define access policies based on user profile, group membership, network zone, device, client, user or administrator consent. Access is granted and revoked in real-time as administrators change user permissions.
  • Centralized administration across APIs. The user-friendly console in Okta API Access Management allows for consistent creation, maintenance and audit of API access policies based on native identity objects without custom code.
  • Partnership with leading API management vendors. Okta API Access Management has proven compatibility with API management solutions from Apigee and MuleSoft to create a complete digital transformation solution.

Pitney Bowes Uses Okta API Access Management to Secure the Pitney Bowes Commerce Cloud

Pitney Bowes is a global technology company offering innovative products and solutions that enable commerce in the areas of customer information management, location intelligence, customer engagement, shipping and mailing, and global ecommerce. More than 1.5 million clients in approximately 100 countries around the world rely on products, solutions and services from Pitney Bowes. The Pitney Bowes Commerce Cloud helps clients identify customers, locate opportunities, facilitate communications and manage shipping and payments.

“Okta is central to our API security strategy. By integrating Okta’s best-of-breed identity with best-of-breed API management, we can secure API access based on the end-user context,” said James Fairweather, Senior Vice President of Technology at Pitney Bowes. “Thanks to Okta’s OAuth 2.0 capability, we have a complete identity solution that can securely and efficiently manage access to protected resources in the Pitney Bowes Commerce Cloud. Okta gives us an unprecedented level of agility, connecting all our digital experiences for the foreseeable future. There’s just one customer identity to manage, and that’s the beauty of it.”

Okta Partners with Apigee + Mulesoft

Okta API Access Management has demonstrated compatibility with API partners Apigee and MuleSoft to provide organizations with a digital transformation solution that can work for any app or service the company builds.

Apigee delivers a leading API management platform for digital business. Many of the world’s largest organizations, including more than 30 percent of the Fortune 100, have selected Apigee to help securely deliver and manage their business-critical APIs, with agility and at scale.

“As the API economy extends well beyond simply connecting services to creating entire digital ecosystems of value, demand for security and identity capabilities is growing,” said Chris Arisian, head of strategic business development at Apigee. “We are excited to partner with leading companies like Okta to extend the capabilities of the Apigee API platform. The Okta-Apigee integration will make it much easier for any Apigee customer to take advantage of Okta’s API Access Management their authentication and authorization needs.”

MuleSoft, provider of the leading platform for building application networks, makes it easy to connect the world's applications, data and devices. With MuleSoft’s API-led approach to connectivity and security by design in building application networks, CIOs and CISOs can create alignment between agility requirements and security requirements. MuleSoft’s Anypoint Platform™ is a complete solution for API-led connectivity that creates a seamless application network of applications, data, and devices, both on-premises and in the cloud.

“By bringing IT investments together in an application network, CIOs and CISOs can enable agility and security. Anypoint Platform allows organizations to create and build well-defined and well-managed APIs and connectivity, which come with built-in security and governance,” said Greg Spray, vice president of product management at MuleSoft. “Through our partnership with Okta, our customers can create application networks with unprecedented security by design and unparalleled agility to power the creation of modern apps, partner integration and third party developer ecosystems.”

For more information on Okta API Access Management, please visit: https://www.okta.com/blog/2016/08/api-access-management/

About Apigee

Apigee® (NASDAQ: APIC) provides a leading API platform for digital business. Many of the world's largest organizations select Apigee to enable their digital business, including more than 30 percent of the Fortune 100, four of the top five Global 2000 retail companies, and five of the top 10 global telecommunications companies. Apigee customers include global enterprises such as Walgreens, Burberry, Morningstar, and First Data. For more information, go to http://apigee.com.

About Mulesoft’s Anypoint Platform

MuleSoft’s Anypoint Platform™ is a complete solution for API-led connectivity that creates a seamless application network of apps, data, and devices, both on-premises and in the cloud. This hybrid integration platform includes iPaaS, ESB, and a unified solution for API management, design and publishing.

MuleSoft is a registered trademark of MuleSoft, Inc. All other marks are those of respective owners.