Okta makes authorization easy by helping you control what users have access to in your application or API.

Flexible Authorization

  • Add authorization information to any account, regardless of origin
  • Integrate easily with common authorization frameworks using our pre-built libraries
  • Use the built-in groups resource for role-based access control, or add custom profile attributes for more complex authorization scenarios

Role-Based Access Control

  • Quickly separate users into groups
  • Create a group with just one API call or a few clicks in our admin console
  • Control which applications or features your users have access to at a high level

Fine-Grained Permissions

  • Add custom user profile attributes to model access-control lists, claim-based permissions, or completely custom permissions schemes
  • Extend tokens with dynamic data or additional entitlements from internal systems for seamless migration and faster integration
  • Perform authorization checks in application code based on user profile attributes

OAuth 2.0 and OpenID Connect

  • Easily add claims to access or ID tokens via groups and profile attributes
  • Use the powerful Okta Expression Language for fine-tuned control over claims and claim values