Integrating with Okta management API endpoints might be a good idea if you are trying to read or manage Okta resources programmatically. This blog demonstrates how to securely set up a node application to interact with Okta management API endpoints using a service app. Okta API management endpoints can be accessed using an access token issued by the Okta org authorization server with the appropriate scopes needed to make an API call. This can be...

Read more

Embarking on a DevOps journey can be exciting and daunting, especially for beginners. The landscape is vast, and the learning curve can feel steep. One of the most common challenges is setting up and managing a robust Continuous Integration/Continuous Deployment (CI/CD) pipeline that ensures seamless integration and delivery of code changes. This guide aims to simplify that process by walking you through setting up a CI/CD pipeline for Okta using Terraform, AWS, and GitHub Actions....

Read more

We’ve been discussing and reflecting on the Future of Identity over the last couple of months. It’s apparent to us that Identity is rapidly growing in its complexity. The surface area that our customers need to protect is growing, like a sunrise revealing a hidden terrain in the morning twilight. We realize that in a short time, the growing demands of customers will start to influence the roadmaps of SaaS companies and their developers to...

Read more

In OAuth, a valid access token grants the caller access to resources and the ability to perform actions on the resources. This means the access token is powerful and dangerous if it falls into malicious hands. The traditional bearer token scheme means the token grants anyone who possesses it access. A new OAuth 2.0 extension specification, Demonstrating Proof of Possession (DPoP), defines a standard way that binds the access token to the OAuth client sending...

Read more

We use access tokens to request data and perform actions within our software systems. The client application sends a bearer token to the resource server. The resource server checks the validity of the access token before acting upon the HTTP request. What happens if the requesting party is malicious, steals your token, and makes a fraudulent API call? Would the resource server honor the HTTP request? If you use a bearer token, the answer is...

Read more

SMS has long played an important role as a universally applicable method of verifying a user’s identity via one-time passcodes. And over the last decade, SMS and voice-based Multifactor Authentication has prevented untold attempts to compromise user accounts But it’s time to move on.” Ben King, VP Customer Trust: BYO Telephony and the future of SMS at Okta SMS/Voice is too SIMple The one-time passcode (OTP) you send using SMS or Voice may not go...

Read more

PowerShell is a powerful command-line interface for automating tasks, scripting, and managing systems. Okta offers an official PowerShell module, an extremely powerful tool for administering your Okta org. In this blog post, we’ll explore how to utilize this. You’ll need a PowerShell terminal for your OS and the Okta PowerShell module. Install it through the PS Gallery, Chocolatey Package Manager, or the GitHub repository. Follow the instructions in the GitHub repository’s ReadMe to install the...

Read more

The Okta Workforce Identity Developer Podcast returns to discuss the OpenID Foundation’s Shared Signals Framework. Watch on the OktaDev YouTube channel Learn more about the Shared Signals Framework You can explore the Shared Signals Framework at sharedsignals.guide, and learn about Jamf’s SSF integration here. If you’d like to join a pilot program for using SSF to integrate with Okta, contact us at dev-advocacy at okta dot com. If signals about security events were available, which...

Read more

We are excited to have a presence at RSA Conference 2024! On Tuesday, May 7th, we will speak on Identity: Your key to stop breaches. Consider why you don’t want to miss this session: Attackers are not breaking in – they are logging in. Exploiting weak passwords, phishing credentials, and navigating privileged access is a hacker’s easiest way to infiltrate your organization. How can you fight back? Done right, identity is your first line of...

Read more

Your enterprise customers expect you to safeguard them from common security incidents, especially when it comes to compromised user accounts. Perhaps a user has signed in from a known stolen device or another country outside the list of allowed IP zones. If a hacker is masquerading as one of your customer’s employees, potentially accessing sensitive company data, you must end their session and sign them out of your app immediately. Bottom line, if you build...

Read more