Easily connect with partners that have their own IDP or access management deployment; federate using SAML or OIDC.
Allow users to sign in with their existing credentials from any SAML-compliant IDP or access management deployment.
Allow users to sign in with their existing identity from any OIDC-compliant system.
Command and control
Okta is a customizable identity platform. You can quickly deploy separate Okta tenants for each of your customers or partners. Connect them to individual applications for each customer, or connect everyone to a common application.
Securely segregate your internal workforce and external customer base.
Segregate partner identities to live in separate entities while preserving all your internal employee identities.
Securely segregate each of your own customers with their own Okta tenant.
Customize branding based on app context
Tailor the look and feel of the identity experience from registration to authentication to authorization to match your partner’s or customer’s brands.
Connect your customer's LDAP or Active Directory; synchronize user accounts to Universal Directory.
Just-in-time account creation
On-demand creation of external users at time of authentication
Reduce upfront workload of creating users before they log in
AD & LDAP
Seamlessly import customer identities
Import and synchronize identities from AD/LDAP
Small outbound HTTPS agent that runs on a schedule or manually, with built-in automatic rules for user creation; it can be scoped to a specific user base using standard LDAP queries or OUs
Automatically de-provision users
Centralized directory management
Automatically map users in AD and LDAP to Okta’s Universal Directory
A read-only account is used to execute an LDAP query against AD. The results are automatically sent to Okta and can be used to easily create users.
Central view of all your customer's directories
Import Inline Hooks
Easily migrate customer profile data from existing user stores with customizable data cleanup and profile enrichment. Combine data from multiple sources into Okta’s centralized Universal Directory.
Defer authentication to AD or LDAP as the source of truth, which allows you to maintain access controls from your local directory rather than store directory credentials in Okta. Delegated authentication is automatic and allows high availability.