Okta Developer Exam Study Guide

To learn how to prepare for your Okta Certification Exam, watch our video here.

Introduction

Congratulations! You are one step closer toward earning your Okta Certified Developer certification.

This exam study guide is designed to help you prepare for the Okta Developer Certification Exam. Passing this exam is a requirement for becoming an Okta Certified Developer. Detailed exam topics and available preparation resources are included in this guide. Reading this guide in no way guarantees a passing score on the Okta Developer Exam.

How to use this study guide

At minimum, we highly recommend that you thoroughly review each topic listed in the Developer Exam subject areas section of this study guide. Make sure you understand each topic. Every topic within that section relates to at least one question or one task on the exam. If you are not familiar with a topic, research it by either using one of the corresponding provided preparation resources or searching the Okta Help Center, Okta Product Documentation Library, or the Okta Developer Portal. Some topics are best learned through hands-on experience with the Okta service.

What does it mean to be an Okta Certified Developer?

Okta Certified Developers are technically proficient at building secure, seamless experiences, using Okta APIs and SDKs. Okta Certified Developers have experience working with RESTful APIs and developing web applications. They have a general understanding of authentication and authorization standards such as OpenID Connect (OIDC) and OAuth, as well as how Okta supports these standards for building authentication, flexible authorization, and role-based access control. Developers also have experience configuring authorization with API Access Management and implementing Single Sign-On (SSO) with OIDC. They have working knowledge of Okta Lifecycle Management and administrative APIs.

The primary candidates for the Okta Certified Developer certification are individuals who meet the following requirements at minimum:

  • More than four years of experience in a software development role
  • More than six months of hands-on experience implementing custom identity solutions with Okta
  • Experience using Okta API Access Management to secure APIs
  • Experience creating custom authorization servers, defining scopes and claims, and creaing policies and rules to secure APIs
  • Experience using Okta REST APIs and knowing how to pass the correct API parameters in requests.
  • Experience building client apps that authenticated users against Okta
  • Experience configuring OIDC and OAuth apps in Okta
  • Experience assigning and unassigning apps to users using Okta Users and Groups APIs
  • Knowledge of how to validate an authenticated user’s session
  • Understanding of the design principles of Okta APIs, including how to use pagination and how to filter query parameters on attributes
  • Knowledge of how to identify and work with Okta API rate limits
  • Knowledge of where to find the most current documentation and resources on Okta APIs
  • Experience using Okta APIs to query logs and events
  • Experience creating, updating, and deleting users, groups, and apps using Okta APIs
  • Knowledge of when to use Okta REST APIs, Sign-in Widgets, and SDKs
  • Understanding of the various Okta supported OIDC and OAuth flows, and knowledge of when to use them
  • Understanding the differences between an Org authorization server and a custom authorization server in the context of OIDC and OAuth
  • Understanding of how an Okta policy and the rules associated with that policy affect API calls and responses
  • Knowledge of how to enforce Okta multifactor authentication for users in client apps
  • Knowledge of how to interpret the common Okta API error codes
  • Understanding of the different ways to create Okta sessions for Single Sign-On, including redirectUrl, OIDC authorize, and Legacy Sessions API
  • Experience implementing the Okta Sign-in Widget with customizations
  • Knowledge of how to do implicit and hybrid flows from the Okta Sign-in Widget
  • Knowledge of how to create sessions in Okta using Okta APIs and SDKs
  • Knowledge of how to configure trusted origins (CORS, Redirect), and understanding of the effects of the configuration of trusted origin when redirecting users

About the Okta Developer Exam

Number and types of questions

This exam has two parts.

• Part I: 45 Discrete Option Multiple Choice Questions

• Part II: Four Performance-Based, Hands-on Use Cases

Exam takers complete Part I and then are permitted to start Part II.

Exam takers are not permitted to return to Part I after they have completed it and submitted their responses for grading.

Time allotted

Part I: 60 minutes

Part II: 90 minutes

IMPORTANT:

• Each part is timed separately. Any time left over from Part I does NOT carry over to Part II.

• Because this is a two-hour and 30 minutes exam, come fully prepared to sit through the entire exam. There is no break between parts I and II of this exam.

Exam fee

USD 250 (USD 100 for each subsequent retake)

Prerequisites

None (Recommended training and preparation resources are listed in the Developer Exam subject areas table at the end of this document.)

Understanding the types of items included on this exam

Part I of this exam includes Discrete Option Multiple-Choice (DOMC) items. Part II contains performance-based, hands-on use cases.

Understanding the DOMC Item Type

DOMC is a powerful measurement tool that produces reliable test scores. It does so by removing several “contaminants” that affect test outcomes but are unrelated to the knowledge and skills being tested. The DOMC item type levels the playing field, and more fairly measures your skills by improving:

  • Readability. Because you are required to read less text, the exam tends to take less time and places fewer demands on the slower reader or the non-native English speaker.
  • Fairness. When savvy test takers are unsure of an answer, they look for clues by comparing options or gleaning information from other items on an exam. DOMC removes this test taking advantage and serves as a powerful method to assess your actual knowledge.
  • Security. Instead of displaying all options at the same time, options are randomly presented one at a time. For each option presented, you must make a YES or NO decision to indicate whether you think the option is correct. Answer options are presented in random order, and in most instances, you are NOT presented with all the available options associated with a DOMC item. Item exposure is limited by presenting only a subset of the available options to you. Limiting item exposure helps ensure the integrity of the exam.

Scoring of a DOMC Item

You can be assured that the DOMC item type is scored fairly and with precision.

  • If you are presented with a correct option and respond YES, then that response is scored as “correct". A DOMC item can be programmed to require one or more correct responses in order to be complete and to be considered answered correctly. Typically, however, only one correct response is required.
  • If you are presented with a correct option and respond NO, then that item is scored as “incorrect”.
  • If you are presented with an incorrect option and respond YES, then that item is scored as “incorrect”.
  • If you are presented with an incorrect option, and respond NO (technically a correct response), the item is not scored until additional options are presented and responded to.

Note: Even after you respond correctly or incorrectly to an item, additional correct or incorrect options might be presented but yours responses to those options will not be scored at all. This is done to prevent you from guessing the correctness or incorrectness of a response.

The DOMC item format might require you to make some adjustments to your test-taking approaches. The reward of such effort is confidence that those test takers who are certified are truly competent in the areas tested on the exam and will represent excellence in the field.

To learn more about DOMC items, visit https://domc.caveon.com/home. In addition, the Okta Developer Standard Practice exam will help you become accustomed to the new test format. We highly recommend that you become familiar with the format of this item type before taking any Okta certification exams.

Understanding the performance-based use cases in Part II of this exam

Part II of this exam includes four performance-based hands-on use cases. Each use case consists of three or more tasks that you are asked to complete within Okta Preview Orgs. This part of the exam allows you to demonstrate your skill with the Okta service and Okta APIs in a natural way that mimics how developers use Okta on the job.

A use case begins with some general instructions that apply to all the tasks in that use case. The instructions for a use case are presented on a dedicated page labeled "Instructions."

Okta Developer Exam Study Guide.

After the instructions are the individual tasks, each on its own dedicated page and labeled accordingly.

Each task must be completed in the order presented. Tasks build on each other, so it is important to complete Task 1 in order to move on to Task 2 and so forth.

Okta Developer Exam Study Guide.

You can go back to previous tasks and make changes as necessary. However, it is important to note how changes made to a preceding task affect other tasks within the use case.

Scoring of a performance-based use case

Use cases are graded upon the submission of Part II of the exam or immediately at the end of the 90-minute time clock allotted for Part II.

Navigating Part II of this Exam

Logging in to your Okta org

When you get to the landing page for Part II of the exam, you are presented with a notice that your Okta org is being created. Once your org is created, you are presented with the following pieces of information:

1. Link to log into your org

2. The administrator username and password for your org

3. A downloadable file containing a set of Okta API collections for Postman

Submitting Part II of the Exam

You are provided with a red button labeled "Submit Exam" at the bottom of the landing page for Part II. After you have completed all of the use cases in Part II and you are ready to submit Part II, click the Submit button. When you do, you will be presented with a warning letting you know after you submit Part II, any subsequent configurations you make in your Okta org will not be included in the grading of your configurations for Part II.

Exam scheduling

Okta certification exams are administered and proctored by Examity®, a secure online proctoring service. Okta has partnered with Examity to protect the integrity of our certification exams. Online proctoring means that exams can be taken from almost any location at a time that is convenient for you, without requiring that you travel to a test center. Your Okta Developer Exam must be scheduled at least 24 hours in advance of the time you plan to sit for the test in order to avoid the additional fee associated with on-demand testing.

Preparing for the Okta Developer Exam

A combination of instructor-led training courses, self-paced learning, self-study, and on-the-job experience will prepare you to take this exam.

Training

Okta Education Services offers a range of classes and training materials to help you prepare for this certification exam. Although attending a training class does not guarantee success on an Okta certification exam, we strongly recommend that you attend the Okta Customer Identity for Developer course in preparation for this exam. This course covers 78% of the topics measured in the Okta Developer Exam. You can register for this course here: https://www.okta.com/services/training/.

Other Resources

  • The Okta Help Center contains a knowledge library of articles and videos, some of which are pertinent to topics covered on this exam.
  • The Okta Content Library offers searchable white papers with a rich body of information to explore before your exam.
  • The Okta Developer Portal provides extensive Okta Developer documentation and community forums to use in preparation for the exam.
  • Join the Okta Community to review questions, discussions, ideas, and blogs for additional exam preparation.

Developer Exam subject areas

The following tables list the topics that are covered in Parts I and II of this exam. These topics are grouped into topics areas, and topic areas roll up into domains/exam sections. Use these tables as an outline to guide your study and validate your readiness for the Okta Developer Certification Exam.

Part I

Exam Domain

Percentage of Part I Related to Domain

Authentication

9%

Compare and Evaluate Authentication Methods

 

  • Understand pros and cons of authentication types (e.g., custom login page vs. Okta login page)
  • Understand the Authentication API transactional model

Preparation resources:

Understand Methods for Creating an Okta Session

 

  • Contrast the different ways to set a session in Okta
  • Retrieve a Session Cookie using OIDC Connect Az Endpoint
  • Manage an Okta Session via the Okta Sessions API

Preparation resources:

SSO and API Access Management with OIDC and OAuth

18%

Enable an OAuth Client Application to Securely Access Services

 

  • Use the authorization code flow to obtain tokens
  • Validate tokens
  • Use a refresh token to obtain a new access token
  • Use the /revoke endpoint to revoke a token
  • Identify trusted and untrusted clients and the proper flows to use with each

Preparation resources:

Describe client types and flows

 

  • Explain why is authorization code flow more secure than implicit flow
  • Define which flow to use when a software or service needs to access an API using access token
  • Explain how OIDC achieves SSO
  • Explain which flow is appropriate for app types
  • Explain the difference between introspect call and signature validation
  • List all possible actors in an OIDC flow

Preparation resources:

Optimize the API consumption

 

  • Optimize the API consumption (performance)
  • Optimize the API consumption (security)

Preparation resources:

Lifecycle Management

16%

Use the Core API to Manage Users

 

  • Demonstrate understanding of the Users API and which operations can be performed
  • Manage Users via the Users API

Preparation resources:

User Objects, User States, and User Profile Sourcing

 

  • Demonstrate understanding of User Objects, User States, and User Profile Sourcing Options

Preparation resources:

Use the Core API - Groups

 

  • Manage Groups using the Groups API
  • Manage Group membership using the Groups API

Preparation resources:

Just-in-Time Provisioning (JIT)

 

  • Demonstrate understanding of how JIT works as well as when to use JIT

Preparation resources:

Administrative APIs

20%

Use the Core API - Schemas

 

  • Demonstrate understanding of the Okta User Schema
  • Demonstrate understanding of Okta Application Schemas

Preparation resources:

Use the Core API - Policy

 

  • Demonstrate understanding of Okta Policies and Rules and how these affect operations

Preparation resources:

Use the Core API - Factors

 

  • Demonstrate understanding of multi-factor authentication in Okta
  • Demonstrate understanding of the Factors API and which operations can be performed

Preparation resources:

Use the Core API - OAuth

 

  • Understand OAuth configuration in Okta
  • Understand API Access Management

Preparation resources:

Use the Core API - Apps

 

  • Understand applications in Okta

Preparation resources:

Debug Techniques

9%

Debug API-Related Issues

 

  • Investigate API-related issues using sys log, Administrator Dashboard, APIs, and tasks

Preparation resources:

Debug API Requests

 

  • Determine when to make API calls
  • Valid user states for API calls

Preparation resources:

Design Principles

18%

Apply the Okta API Design Principles

 

  • Make Okta API requests with the correct HTTP Verbs
  • Make Okta API requests using HTTP headers correctly
  • Make Okta API requests identifying the origin using User-Agent and X-Forwarded-For
  • Read and Understand the Okta API response headers
  • Read and Understand the Okta API response errors
  • Read and Understand the Okta API HTTP response codes

Preparation resources:

Okta API Rate Limiting

 

  • Read and Understand the Okta API Rate Limiting

Preparation resources:

Redirect or CORS as Trusted Origin

 

  • Identify when to use Redirect or CORS as Trusted Origin

Preparation resources:

App Logout and Global Logout

 

  • Implement App Logout and Global Logout (Okta)

Preparation resources:

Okta Hooks

9%

Inline Hooks

 

  • Implement token inline hooks
  • Implement registration inline hooks
  • Implement SAML assertion inline hooks
  • Implement password import inline hooks

Preparation resources:

Event Hooks

 

  • Create event hooks
  • Implement event hook objects
  • Implement event hook auth scheme objects

Preparation resources:

Working with the Sign-In widget for Authentication

2%

Okta Sign-in Widget Customization and Configuration

 

  • Configure and customize the Okta Sign-In Widget

Preparation resources:

 

Part II

Exam Domain

Percentage of Part II Related to Domain

Onboard new users using Okta’s Management SDK and User and Group APIs

27%

  • Manage users with Okta’s Management SDK and User and Group APIs

Preparation resources:

Federate an App through OIDC

33%

  • Provide federated access to an app using OIDC

  • Display claim data from the ID token

Preparation resources:

Securing an API using OAuth and Securely accessing an API from a client app using OAuth

20%

  • Secure an API using OAuth by verifying there is a valid bearer of token

  • Securely access API from a client application using OAuth in Okta

Preparation resources:

Implement the Okta Sign-In Widget for Authentication Purposes

20%

  • Implement a custom authentication experience with the Okta Sign-In Widget

  • Implement and enforce multifactor authentication

  • Create a session for a user

Preparation resources:

 

Sample exam items

Know what to expect on the day of the exam. Take the Okta Developer Standard Practice Exam to familiarize yourself with both the exam content and the format of the DOMC item type.

Click the button below to learn more.

Developer Standard Practice Exam

Note: We do not have items on this practice exam that are in the format of the performance-based tasks included in Part II of the Developer Exam. One way we recommend that you prepare for Part II of this exam is to sign up for a free Okta Developer Org and practice performing tasks like those described in the Exam Domains for Part II section of this document.

Preparation videos for Part II

In Part II, you will be required to use a few special tools to complete the use cases. Training videos on using these tools are provided through the following links:

Subject matter experts for the Okta Developer Exam

Okta certification exams are designed and built by subject matter experts who have extensive real world-experiences implementing and administering the Okta service.

Here is the list of subject matter experts who helped design and/or build this exam:

Kam Ahuja

Ona Allison

Praveen Atluri

Chris Barry

Frank Benus

Brandon Black

Keith Casey

Dan Cinnamon

Andy Clarke

HenkJan de Vries

Dragos Gaftoneanu

Brent Garlow

Chris Gustafson

Xuewei (Phoebe) He

Kees Hendriks

Thomas Kirk

Jim Knutson

Joost Koiter

Frederick Lee

Patrick Linnane

Eric Lynch

Andy March

Stefan Mationg

Muli Motola

Jeff Nester

Shawn Recinto

Bryan Rembold

Roger Renecke

Ryan Schaller

Micah Silverman

David Snyder

Venu Sripada

Neal Tillery

Jeff Tucker

Matt Undy

Jay Venkatraj

Dr. Steve Watts