Authorisation

Control which apps and APIs your users can access, using attribute-based policies enforced through the SAML and OAuth protocols.

Gartner has predicted that APIs will become the primary attack vector by 2022. Additionally, OWASP has repeatedly flagged the risks associated with APIs in its Top 10 list of critical security flaws.


API Access Management

Create fine-grained API authorisation policies that combine the OAuth grant type, user group membership, and external data sources.

Role-based access control to applications

Allow teams to establish, maintain, and audit authorisation policies based on group membership and user context without writing code.

Centralised administration and monitoring

Capture real-time access and authorisation logs to understand normal access patterns and detect bad actors mid-attack.

API Access Management

OAuth 2.0 + extensions

We implement the base framework along with numerous extensions that make OAuth 2.0 directly applicable to the problems relevant to your architectures, applications, and use cases.

Because we keep pace with the standards (and take part in their development), our customers stay at the forefront of API security and best practice.

Flexible context-sensitive authorisation policies

Token revocation and introspection

  • RFC-compliant method to revoke a token immediately
  • OAuth-compliant token validation

API authorisation policies

API authorisation policies can take into account the OAuth grant type, user group membership, and external data sources.

  • Configurable access token and refresh token lifetime and expiration policies
  • OAuth client-specific policies to segregate and log customers, users, and applications separately
  • Integrate with internal systems to retrieve dynamic data or additional entitlements for downstream applications

Integration with API Gateways

Enable rapid application development and centralised, identity-driven API security.

Role-based access control to applications

Granular application-level policy controls

Apply granular application-level access controls through easy-to-administer application entitlement policies that can be assigned to groups of users without writing code.

User consent

Allow downstream third-party applications to prompt users for permission to access a set of scopes. User consent remains valid until the user chooses to revoke those privileges.

Centralised administration and monitoring

Create and customise authorisation policies

An administrative dashboard for creating authorisation servers that issue tokens with custom-defined scopes and claims.

Token preview

Preview the scopes, claims and values of your OAuth token.

Real-time dashboard and system log

Real-time visibility and anomalous-behaviour reports. As token-related events such as creation and revocation occur in Okta, Event Hooks can notify external services outside of Okta.
