Authorization

Flexible Authorization

• Add authorization information to any account, regardless of origin
• Integrate easily with common authorization frameworks using our pre-built libraries
• Use the built-in groups resource for role-based access control, or add custom profile attributes for more complex authorization scenarios

Role-Based Access Control

• Quickly separate users into groups
• Create a group with just one API call or a few clicks in our admin console
• Control which applications or features your users have access to at a high level

Fine-Grained Permissions

• Add custom user profile attributes to model access-control lists, claim-based permissions, or completely custom permissions schemes
• Perform authorization checks in application code based on user profile attributes

OAuth 2.0 and OpenID Connect

• Easily add claims to access or ID tokens via groups and profile attributes
• Use the powerful Okta Expression Language for fine-tuned control over claims and claim values