Okta's Identity-Driven API Access Management Securely Connects Apps & Services to Any API

Okta is bringing the power of identity management to securing APIs. Okta API Access Management is designed to help developers and IT secure APIs -- without slowing down API projects.


As APIs become a more popular way for businesses to speed up the design and launch of new applications and services, IT is looking for simple, agile and reliable ways to secure these APIs.


Okta is bringing the power of identity management to the task of API security.  Okta API Access Management is helping developers and IT secure their APIs -- without slowing down how businesses use APIs to share data with partners or promote outside developer communities.  


The premise behind Okta API Access Management is simple, according to Eric Berg, Okta’s chief product officer. To achieve the full agility that using APIs can deliver, developers also need a method for securing access to these APIs that is equally nimble.  

He noted that ride-sharing apps such as Uber and Lyft are widely known as the poster-child examples of how APIs can drive new-gen apps that combine multiple services and datasets. Today, all companies need to be ready for such API-driven innovation in their own businesses, he said: “They have to seize the new possibilities that emerge when their core data systems are composed alongside public APIs. What remains is to ensure that access to these services is secure, so that every person gets the right content, data or functionality at the right time.”


At its core, Okta API Access Management is designed to balance the often-conflicting needs for agility and security, according to Berg. It does so by marrying identity management and API management technologies to enable governed reuse of valuable systems of record based on a rich set of permissions.


Okta API Access Management provides a unified, portable service for authorizing access to any API. This is based on user, app, and device context that is secure and always available, Berg added. Further, with these capabilities integrated with the Okta Identity Cloud, IT leaders and developers can centrally maintain one identity and one set of permissions for any employee, customer or partner, across every point of access: app, API or device, he said.


In his blog, Berg discussed the business case for more capabilities to secure APIs.   

“Most companies . . . have made massive investments in a portfolio of apps to run their businesses and they can’t simply throw these out and start over. They need to leverage their systems of record securely, quickly and efficiently. They have to seize the new possibilities that emerge when their core data systems are composed alongside public APIs. What remains is to ensure that access to these services is secure, so that every person gets the right content, data or functionality at the right time.”

Okta API Access Management sports features to address these challenges -- for both developers and IT, he added. Developers can more easily define which apps, devices and people can connect to an API, and how. IT operations can implement consistent security controls over sensitive systems of record. This allows IT to support developer needs for speed and agility.


Okta’s approach is a welcome one at Pitney Bowes.


“Okta is central to our API security strategy. By integrating Okta’s best-of-breed identity with best-of-breed API management, we can secure API access based on the end-user context,” said Pitney Bowes senior vice president of technology James Fairweather in a statement. Okta’s OAuth 2.0 capability gives the company “a complete identity solution that can securely and efficiently manage access to protected resources” resident in the Pitney Bowes Commerce Cloud. This translates to big boosts in agility, Fairweather added, saying, “There’s just one customer identity to manage, and that’s the beauty of it.”


Okta Brings Together Identity and API Features; Supports API Partnerships

Okta’s new API Access Management provides:

  • OAuth 2.0 API authorization: Okta API Access Management has standard-compliant OAuth 2.0 support for any app or service.
  • Flexible identity-driven policy engine: Okta API Access Management leverages Okta’s user-centric policy engine to manage API access. Admins can define access policies based on user profiles, group memberships, network zones, devices, clients and users, along with a requirement for added administrator consent to access. Access is granted and revoked in real time, even as administrators change user permissions.
  • Centralized administration across APIs: The console allows for consistent creation, maintenance and audit of API access policies based on native identity objects without custom code.


These and other Okta features provide developers and IT some key visibility and management benefits, including: 


  • Complete Authentication: unify and secure sign-in with complete, powerful options for primary and multi-factor authentication.
  • User Management: centralize, store, and manage users; sync user profile data across systems; and keep PII safe.
  • Flexible Administration: let partner orgs manage their own users with flexible options for policy and admin delegation.
  • API Access Management: identity-driven authorization for any app or service, with user-friendly and centralized administration across all your APIs.
  • Developer Tools: launch faster with expert support, guides, code samples, and SDKs.


Further supporting the API approach, Okta API Access Management is compatible with API management solutions from Apigee and MuleSoft to create a complete digital transformation solution.  Apigee officially announced this week it will be acquired by Google.


Chris Arisian, head of strategic business development at Apigee, confirmed in a written statement that the Okta-Apigee integration will make it much easier for any Apigee customer to take advantage of Okta’s API Access Management for their authentication and authorization needs.   


Similarly, Greg Spray, Vice President of Product Management at MuleSoft, said partnering with Okta will enable joint customers to create application networks with unprecedented agility and security.