Authentication is a crucial part of any application development. Whether you are developing an internal IT app for your employees, building a portal for your partners, or exposing a set of APIs for developers building apps around your resources, the Okta Platform can provide the right support for your projects.
For IT or ISVs looking to use Okta as an identity provider, Okta provides several options for secure single sign-on. SAML has been widely used as the single sign-on protocol by many ISVs and is supported by many identity management solutions. Okta provides comprehensive guidance for developers to implement a proper SAML service provider. For IT teams that are building internal apps and would like to support SSO, SAML is also a good option.
OpenID Connect is the emerging technology providing an alternative implementation of single sign-on. Okta is a Certified OpenID Connect provider. Built on top of the OAuth 2.0 framework, OpenID Connect is a modern implementation to support authentication and single sign-on. If you are an Okta customer, our OpenID Connect endpoints are a great way to support SSO and are a simpler alternative to SAML.
For ISVs that are looking at providing SSO for their customers, both SAML and OpenID Connect are worth considering, to cover the wide variety of identity providers that you may encounter.
The login experience is perhaps the single most important user experience any app developer will need to consider. To provide a seamless, attractive, yet secure authentication experience is not a trivial task. And typically, the login logic goes hand in hand with other features such as password reset and registration. More importantly, enhanced security in the form of strong and adaptive authentication during login is often critical to many implementations.
Okta provides many options for developers around the authentication experience. Again, the core foundation is built on top of the underlying feature set in the Okta platform. Password policies, strong and adaptive authentication policies, and the password reset workflow can all be configured easily in the Okta administration console in the Okta dashboard. Many of these policies can also be controlled through Okta’s API.
The underlying foundation for the sign-in widget and Auth SDK is a comprehensive set of authentication APIs covering all aspects of authentication exposed through the Okta Platform. It can be used as a standalone API to provide the identity layer on top of your existing application and authentication logic, or it can be integrated with the Okta Sessions API to obtain an Okta session cookie and access apps within Okta to provide a single sign-on experience across custom and Okta-managed apps.
For many consumer-facing applications, authentication and registration increasingly rely on social identity providers such as Facebook, LinkedIn and Google. Okta has built-in support for these social identity providers to support new user registration, authentication and profile updates based on OAuth scopes from the social providers. For applications that have existing accounts, Okta also provides support for linking existing Okta accounts to accounts on social identity providers.