Okta
    • 01 Sep 2024

    PlainID offers an IDP Authorizer integration pattern for this third-party vendor. For more information, see IDP Authorizers.

    The integration between PlainID and Okta enables organizations to apply a continuous Authentication-Authorization process. The PlainID Okta Authorizer will continue the Authentication process carried out by Okta, to provide the full adaptive access the user is entitled to.

    The main objective of Okta, as an IdP (Identity Provider), is to handle the authentication process. This is mostly done based on well-defined protocols such as OIDC and SAML. The outcome of the process is an authentication token. During the authentication process, the PlainID Okta Authorizer dynamically calculates and provides a list of claims and groups based on the policies defined within PlainID. These claims and groups are used to enrich the token minted by Okta. The objective of the token enrichment flow is to dynamically and contextually calculate and provide the list of claims (Authorizations) to Okta as part of the login process.

    Use Example

    Explanation

    1. The user logs in to the application.
    2. The app initiates an authentication process with Okta.
    3. As part of the authentication process, Okta sends a request to PlainID via a webhook interface for authorization claims.
    4. The PDP dynamically calculates the access decision. If needed (4.1), the Policy Information Point (PIP) pulls additional user or asset attributes from various data sources to calculate the access decision.
    5. PDP returns access decisions containing claims to be used for enriching the access token minted by Okta.
    6. Okta provides the app with an access token containing the dynamically calculated access decision.
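
    The sketch below illustrates steps 3 to 5 from the receiving side. It is an added example, not PlainID or Okta code, and it assumes the webhook uses Okta's token inline hook message format with a shared secret sent in the Authorization header. The policy table, secret, claim names and function names are hypothetical.

```python
import hmac

# Assumed shared secret that the IdP is configured to send in the Authorization header.
HOOK_SECRET = "constructed-secret-for-demo"

# Hypothetical stand-in for the PDP: login -> claims. A real PDP evaluates policies.
POLICY = {
    "alice@example.com": {"groups": ["finance-readers"], "max_transfer": 5000},
}

def decide(login):
    """Toy PDP decision: the claims granted to this user (empty if none)."""
    return POLICY.get(login, {})

def handle_hook(auth_header, body):
    """Return (http_status, response_body) for one hook request from the IdP."""
    # Step 3: only the IdP may ask for claims; compare the secret in constant time.
    supplied = (auth_header or "").encode()
    if not hmac.compare_digest(supplied, HOOK_SECRET.encode()):
        return 401, {}
    if not isinstance(body, dict) or body.get("eventType") != "com.okta.oauth2.tokens.transform":
        return 400, {}
    try:
        login = body["data"]["context"]["user"]["profile"]["login"]
    except (KeyError, TypeError):
        return 400, {}
    # Steps 4-5: express the decision as patch operations on the access token.
    ops = [{"op": "add", "path": f"/claims/{name}", "value": value}
           for name, value in sorted(decide(login).items())]
    # Fail closed: an unknown user gets an unmodified token, never default claims.
    commands = [{"type": "com.okta.access.patch", "value": ops}] if ops else []
    return 200, {"commands": commands}

# Constructed sample request, trimmed to the fields this handler reads.
SAMPLE_REQUEST = {
    "eventType": "com.okta.oauth2.tokens.transform",
    "data": {"context": {"user": {"profile": {"login": "alice@example.com"}}}},
}

if __name__ == "__main__":
    print(handle_hook(HOOK_SECRET, SAMPLE_REQUEST))
```

    A request with a missing or wrong secret is rejected before any policy lookup, and a user with no matching policy yields an empty command list, so the token is issued without added claims.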
