Authorisation

Control which apps and APIs your users have access to using attribute-based policies enforced through SAML and OAuth protocols

Gartner has predicted that APIs will become the primary attack vector by 2022. Additionally, OWASP has flagged the potential risks associated with APIs repeatedly in its list of top 10 critical security flaws.

Try Okta

Start building for free

API Access Management

Create fine-grained API authorisation policies that combine the OAuth grant type, user group membership, and external data sources.

Learn more

Role-based access control to applications

Allow teams to establish, maintain, and audit authorisation policies based on group membership and user context without writing code.

Learn more

Centralised administration and monitoring

Capture real time access and authorisation logs to understand normal access and detect bad actors mid-attack.

Learn more

Create fine-grained API authorisation policies that combine the OAuth grant type, user group membership, and external data sources.

OAuth 2.0 + extensions

We implement the base framework along with numerous extensions that make OAuth 2.0 directly applicable to the problems relevant to your architectures, applications, and use cases.

By maintaining pace with standards (and being involved in standards development), our customers are always maintaining pace with the forefront of API security and best practices.

Flexible context-sensitive authorisation policies

Okta Customer Identity Authorization Token Revocation

Token revocation and introspection

RFC-compliant method to revoke a token immediately
OAuth-compliant token validation

API authorisation policies can take into account the OAuth grant type, user group membership, and external data sources.

Configurable access token and refresh token lifetime and expiration policies
OAuth Client specific policies to segregate and log customers, users, and applications separately
Integrate with internal systems to retrieve dynamic data or additional entitlements for downstream applications

Enable rapid application development and centralised, identity-driven API security.

Learn more

Allow teams to establish, maintain, and audit authorisation policies based on group membership and user context without writing code.

Okta Customer Identity Authorization App Level Policy Controls

Granular application-level policy controls

Assign granular application-level access controls using easy-to-administer application entitlement policies that can be assigned to groups of users without having to write code.

User consent

Allow downstream 3rd-party applications to prompt users for permission to access a set of scopes. User consent will remain valid until users choose to revoke these privileges.

Okta API Products Delegated Authorization

Capture real time access and authorisation logs to understand normal access and detect bad actors mid-attack.

Administrative dashboard to create authorisation servers that generate tokens with custom-defined scopes and claims.

Okta Customer Identity Authorization Custom Policies

Preview the scopes, claims and values of your OAuth token.

Okta Customer Identity Authorization Token Preview

Real-time visibility and anomalous behaviour reports. As token-related events occur in Okta, including creation and revocation, notify external services outside of Okta with Event Hooks.