Try Okta
Sign In

Authorisation

Control which apps and APIs your users have access to using attribute-based policies enforced through SAML and OAuth protocols

Gartner has predicted that APIs will become the primary attack vector by 2022. Additionally, OWASP has flagged the potential risks associated with APIs repeatedly in its list of top 10 critical security flaws.

Try Okta  
Okta CIAM Authorization Hero

Are you a developer?

Start building for free

icon-AuthenticationFactors Created with Sketch.
API Access Management

Create fine-grained API authorisation policies that combine the OAuth grant type, user group membership, and external data sources.
Role-based access control to applications

Allow teams to establish, maintain, and audit authorisation policies based on group membership and user context without writing code.
icon-Policy Created with Sketch.
Centralised administration and monitoring

Capture real time access and authorisation logs to understand normal access and detect bad actors mid-attack.

API Access Management

Create fine-grained API authorisation policies that combine the OAuth grant type, user group membership, and external data sources.

OAuth2 as a service, secure access to APIs

OAuth 2.0 + extensions

We implement the base framework along with numerous extensions that make OAuth 2.0 directly applicable to the problems relevant to your architectures, applications, and use cases.

By maintaining pace with standards (and being involved in standards development), our customers are always maintaining pace with the forefront of API security and best practices.

Flexible context-sensitive authorisation policies

Okta Customer Identity Authorization Token Revocation

Token revocation and introspection

  • RFC-compliant method to revoke a token immediately
  • OAuth-compliant token validation

API authorisation policies

API authorisation policies can take into account the OAuth grant type, user group membership, and external data sources.

  • Configurable access token and refresh token lifetime and expiration policies
  • OAuth Client specific policies to segregate and log customers, users, and applications separately
  • Integrate with internal systems to retrieve dynamic data or additional entitlements for downstream applications

Integration with API Gateways

Enable rapid application development and centralised, identity-driven API security.

Learn more

Role-based access control to applications

Allow teams to establish, maintain, and audit authorisation policies based on group membership and user context without writing code.

Okta Customer Identity Authorization App level Policy Controls

Granular application-level policy controls

Assign granular application-level access controls using easy-to-administer application entitlement policies that can be assigned to groups of users without having to write code.

Okta API products delegated authorization.

User consent

Allow downstream 3rd-party applications to prompt users for permission to access a set of scopes. User consent will remain valid until users choose to revoke these privileges.

Centralised administration and monitoring

Capture real time access and authorisation logs to understand normal access and detect bad actors mid-attack.

Create and customise authorisation policies

Administrative dashboard to create authorisation servers that generate tokens with custom-defined scopes and claims.

Okta Customer Identity Authorization Custom Policies

Token preview

Preview the scopes, claims and values of your OAuth token.

Okta Customer Identity Authorization Token Preview

Real-time dashboard and system log

Real time visibility and anomalous behavior reports. As token-related events occur in Okta, including creation and revocation, notify external services outside of Okta with Event Hooks.

SSO Reporting 0

Trusted by
Key cropped V3

Authorisation

Try Now

To learn more, go to the US version of our website.