Introducing the Okta Devices SDK and API: A Better Way to Secure and Delight Mobile Users

The world has increasingly become mobile-first, with customers demanding seamless experiences across all of their devices to interact with brands, services, and products. But when it comes to building these customer experiences, developers are often forced to make tradeoffs between usability and security—difficult choices that inevitably decrease customer engagement and waste valuable developer resources on functionality that rarely differentiates an app. What if you could balance frictionless customer experiences and secure, passwordless sign-in flows, without heavily relying on developer resources? Using Okta, you can, and it’s the latest way we’re making security stronger, experiences better, and developers’ lives easier. 

We’ve been paving the way for a passwordless future for a while now. Earlier this year at Oktane20, we announced Okta FastPass, a breakthrough passwordless experience for the workplace. Today, we’re excited to share how we’re extending the passwordless mission to customer-facing applications and devices with the Okta Devices SDK and the Devices API. These new innovations put the power of uniting user identity and device identity directly in the hands of developers to eliminate usability and security tradeoffs altogether. 

Unlike any other SDK of its kind, the Okta Devices SDK offers mobile developers on every major platform everything they need to build bespoke, passwordless sign-in flows. These flows include brandable, embeddable Okta Verify with push notifications and biometric capabilities—all in a single integration.

Enhance the omnichannel experience

With an estimated seven billion mobile users by 2021, tailoring customer experiences across all channels is critical to enhancing customer engagement. Developers need to reduce friction across omnichannel experiences, while still implementing high assurance security factors into the login experience. Passwords are notoriously cumbersome and insecure, as are factors like SMS and voice, so developers need to replace them with convenient and secure passwordless alternatives. And to further enhance the login experience, end users need the ability to easily and securely manage their devices. 

Unifying user identity and device identity

Powered by the Okta Devices Platform Service, the Okta Devices SDK and the Devices API offer a single integration to unify user identity and device identity, along with all of the tools necessary to build passwordless sign-in flows through branded push notifications and biometric capabilities. All of these powerful functionalities come together to deepen security without sacrificing customer engagement. 

Branded, embeddable Okta Verify Push 

Consistent branding across all of your digital touchpoints is an important way to create a cohesive customer experience. Using the Okta Devices SDK, developers can embed Okta Verify push capabilities into their mobile application, or even build their own branded Okta Verify mobile application. In either case, developers can send customisable, branded push notifications and use biometrics for a frictionless login experience. 

Passwordless experience

We’re saying goodbye to passwords, and we want our customers to join us. Passwords are not only insecure, but also inconvenient for end users, especially in a mobile-first world. Using the Devices SDK, developers can build a fully passwordless authentication experience, where end-users can use frictionless biometric capabilities like FaceID to log in, without ever needing a password or PIN. In the future, the Devices SDK will also be able to capture device security posture to provide secure, seamless access.

Transparent device management

The Devices API binds user and device identity by creating device identity and registration records in a user’s Okta Universal Directory (UD) profile. By establishing this trusted and binding relationship, end users have more power and visibility into their devices. They can easily register their devices within UD, and also rely on self-service device removal if their device has been lost or stolen. Using the Devices API, organisations can securely manage device lifecycle, while end users still have visibility and control. 

Secure and delight your end users 

By unifying user and device identity, organisations can enhance omnichannel experiences and increase customer engagement in a way that is both secure and seamless. Using the Okta Devices SDK and the Devices API, developers can reduce the friction of adding multi-factor authentication to their custom applications with a single integration for passwordless login—including cohesive, branded push notifications and biometrics. And powerful device management capabilities will allow end-users to easily register and remove trusted devices for authentication, all via self-service. 

Get started

The Devices SDK and the Devices API will be in Early Access in Q1 of 2021. If you’re interested in learning more, please reach out to your customer success manager or Okta account representative.

For more information, check out our Devices page, or contact us with questions.