<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <title>Identity and Access Management (IAM) overview | Okta Developer</title> <meta name="generator" content="VuePress 1.9.8"> <link rel="stylesheet" href="https://static.cloud.coveo.com/searchui/v2.8959/14/css/CoveoFullSearch.min.css" integrity="sha512-DzuDVtX/Dud12HycdAsm2k9D1UQ8DU7WOj7cBRnSsOKQbKfkI94g0VM9hplM0BkQ0VXdDiQYU9GvUzMmw2Khaw==" crossorigin="anonymous"> <script class="coveo-script" src="https://static.cloud.coveo.com/searchui/v2.8959/14/js/CoveoJsSearch.Lazy.min.js" integrity="sha512-RV1EooPduQhwl0jz+hmjBw/nAtfeXNm6Dm/hlCe5OR1jAlG4RErUeYfX1jaaM88H8DiyCJDzEWZkOR0Q13DtrA==" crossorigin="anonymous" defer="true"></script> <script src="https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js"></script> <link rel="apple-touch-icon" sizes="180x180" href="/favicon/favicon.png"> <link rel="icon" type="image/png" href="/favicon/favicon.png"> <link rel="icon" type="image/svg" sizes="32x32" href="/favicon/favicon.svg"> <link rel="icon" type="image/svg" sizes="16x16" href="/favicon/favicon.svg"> <link rel="manifest" href="/favicon/manifest.json"> <link rel="mask-icon" href="/favicon/favicon.png"> <link rel="preload" href="https://use.typekit.net/osg6paw.css" as="style" crossorigin="true"> <link rel="stylesheet" href="https://use.typekit.net/osg6paw.css" crossorigin="true"> <meta name="msapplication-config" content="/favicon/browserconfig.xml"> <meta http-equiv="XA-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script> window.dataLayer = window.dataLayer || []; var isProduction = window.location.hostname === 'developer.okta.com'; if (isProduction) { // START Google Tag Manager - main container (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-KXMLV58'); // END Google Tag Manager } </script> <meta name="description" content="Secure, scalable, and highly available authentication and user management for any app."> <meta name="msapplication-config" content="/favicon/browserconfig.xml"> <meta http-equiv="XA-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href="https://developer.okta.com/docs/concepts/iam-overview/" rel="canonical" /> <link rel="preload" href="/assets/css/2.styles.0869859c.css" as="style"><link rel="preload" href="/assets/js/app.b97ec255.js" as="script"><link rel="preload" href="/assets/js/187.5508db82.js" as="script"><link rel="preload" href="/assets/js/189.a6e86ca6.js" as="script"><link rel="preload" href="/assets/js/66.675f21c0.js" as="script"><link rel="preload" href="/assets/js/227.b1a8687e.js" as="script"><link rel="preload" href="/assets/js/190.07ae6ea9.js" as="script"><link rel="preload" href="/assets/js/221.7e0ac1a4.js" as="script"><link rel="preload" href="/assets/js/81.62ed5f70.js" as="script"><link rel="preload" href="/assets/js/206.d8faf25b.js" as="script"><link rel="preload" href="/assets/js/208.682de341.js" as="script"><link rel="preload" href="/assets/js/218.ab9b48c8.js" as="script"><link rel="preload" href="/assets/js/82.24fa6b88.js" as="script"><link rel="preload" href="/assets/js/212.20c7d3ff.js" as="script"><link rel="preload" href="/assets/js/197.7a7ff7f9.js" as="script"><link rel="preload" href="/assets/js/222.685f9f10.js" as="script"><link rel="preload" href="/assets/js/204.178b13e6.js" as="script"><link rel="preload" href="/assets/js/364.9f26ec2b.js" as="script"><link rel="preload" href="/assets/js/207.ffb83b59.js" as="script"><link rel="preload" href="/assets/js/193.f4f18a80.js" as="script"><link rel="preload" href="/assets/js/65.eaf0931c.js" as="script"><link rel="preload" href="/assets/js/217.241463d0.js" as="script"> <link rel="stylesheet" href="/assets/css/2.styles.0869859c.css"> </head> <body> <div id="app" data-server-rendered="true"><div class="layout"><div class="fixed-header"><div class="header-banner" style="display:none;" data-v-3d4eeb36><div class="header-banner-content" data-v-3d4eeb36><p data-v-3d4eeb36> Check out our new and improved <a href="https://developer.okta.com/docs/api/" target="_blank" data-v-3d4eeb36> API documentation! ↗ </a></p></div> <!----></div> <header class="page-header"><a href="/" class="header--logo"><img src="/img/logotype.svg" width="180" height="28" alt="Okta developer logotype"></a> <div class="menu--slideout"><div class="search--slideout opened"><div class="search--wrapper"><div data-search-bar data-pipeline="developer-okta-com" class="SearchBox"><div class="search--form"><div class="CoveoOmnibox"></div></div> <div class="CoveoAnalytics"></div></div></div></div> <div class="header--links"><ul class="menu--items menu--desktop"><li index="0" class="expandable"><span class="link link--small link--semi-bold">Community</span> <ul class="submenu--items"><li><a href="https://devforum.okta.com" target="_blank" rel="noopener noreferrer" class="link link--small link--semi-bold link--black"><span>Forum</span></a> <!----></li><li><div class="menu--divider"></div> <!----></li><li><div class="menu--icons"><a href="https://github.com/oktadev" target="_blank" rel="noopener noreferrer" class="menu--icon"><i><svg width="19" height="18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M17.214 4.595a9.185 9.185 0 00-3.358-3.358C12.443.412 10.9 0 9.226 0 7.552 0 6.008.412 4.595 1.237a9.184 9.184 0 00-3.358 3.358C.412 6.008 0 7.552 0 9.225c0 2.01.587 3.818 1.76 5.424 1.173 1.606 2.689 2.717 4.546 3.333.217.04.377.012.48-.084a.47.47 0 00.157-.36l-.006-.649c-.004-.408-.006-.764-.006-1.069l-.276.048a3.52 3.52 0 01-.667.042 5.092 5.092 0 01-.835-.084 1.866 1.866 0 01-.805-.36 1.524 1.524 0 01-.528-.739l-.12-.276a3.003 3.003 0 00-.379-.613c-.172-.224-.346-.376-.522-.456l-.084-.06a.882.882 0 01-.156-.144.66.66 0 01-.108-.169c-.025-.056-.005-.102.06-.138.064-.036.18-.054.348-.054l.24.036c.16.032.358.128.595.289.236.16.43.368.582.624.185.328.407.579.667.75.26.173.522.26.787.26.264 0 .492-.021.684-.06.192-.04.373-.101.541-.181.072-.537.268-.95.588-1.238a8.224 8.224 0 01-1.23-.216 4.896 4.896 0 01-1.13-.468 3.233 3.233 0 01-.967-.805c-.256-.32-.466-.741-.63-1.261-.165-.521-.247-1.122-.247-1.802 0-.97.317-1.794.95-2.475-.297-.729-.269-1.545.083-2.45.233-.073.577-.018 1.033.162.457.18.791.334 1.004.462.212.128.382.237.51.325a8.53 8.53 0 012.307-.313 8.53 8.53 0 012.306.313l.457-.289c.312-.192.68-.368 1.104-.528.425-.16.75-.204.974-.132.36.905.392 1.721.096 2.45.632.68.949 1.506.949 2.475 0 .68-.082 1.283-.246 1.808-.164.524-.377.944-.637 1.26a3.36 3.36 0 01-.973.8 4.916 4.916 0 01-1.13.468 8.208 8.208 0 01-1.23.217c.416.36.624.929.624 1.705v2.535c0 .144.05.264.15.36.1.096.258.124.475.084 1.858-.617 3.373-1.728 4.547-3.333 1.173-1.606 1.76-3.414 1.76-5.424-.001-1.673-.414-3.217-1.238-4.63z"/></svg></i></a><a href="https://twitter.com/OktaDev" target="_blank" rel="noopener noreferrer" class="menu--icon"><i><svg width="18" height="18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M9 0a9.001 9.001 0 000 18A9.001 9.001 0 009 0zm4.11 7.017c.003.089.005.178.005.267 0 2.73-2.078 5.878-5.877 5.878a5.847 5.847 0 01-3.167-.928 4.144 4.144 0 003.058-.856A2.068 2.068 0 015.2 9.943a2.056 2.056 0 00.934-.035 2.066 2.066 0 01-1.657-2.051c.278.154.597.247.935.258a2.064 2.064 0 01-.64-2.758A5.865 5.865 0 009.03 7.515a2.066 2.066 0 013.52-1.884c.47-.092.913-.264 1.312-.5a2.074 2.074 0 01-.909 1.142 4.12 4.12 0 001.187-.326 4.2 4.2 0 01-1.03 1.07z"/></svg></i></a><a href="https://www.youtube.com/channel/UC5AMiWqFVFxF1q9Ya1FuZ_Q/featured" target="_blank" rel="noopener noreferrer" class="menu--icon"><i><svg width="18" height="18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M7.879 10.372l2.928-1.686L7.878 7v3.372z"/><path d="M9 0a9.001 9.001 0 000 18A9.001 9.001 0 009 0zm5.624 9.009s0 1.825-.232 2.705a1.41 1.41 0 01-.991.992c-.88.231-4.401.231-4.401.231s-3.511 0-4.4-.24a1.41 1.41 0 01-.992-.992C3.376 10.835 3.376 9 3.376 9s0-1.825.232-2.705c.13-.482.519-.871.991-1.001C5.48 5.062 9 5.062 9 5.062s3.52 0 4.4.241c.482.13.862.51.992.992.241.88.232 2.714.232 2.714z"/></svg></i></a></div> <!----></li></ul></li><li index="1"><a href="https://developer.okta.com/blog/" target="_blank" rel="noopener noreferrer" class="link link--small link--semi-bold"><span>Blog</span></a> <!----></li><li index="2"><a href="https://www.okta.com/pricing/#customer-identity-products" target="_blank" rel="noopener noreferrer" class="link link--small link--semi-bold"><span>Pricing</span></a> <!----></li></ul> <ul class="menu--items menu--desktop"><li index="0"><a href="https://help.okta.com/" target="_blank" rel="noopener noreferrer" class="link link--small link--semi-bold"><span>Okta Docs</span></a> <!----></li><li index="1"><a href="https://www.okta.com/" target="_blank" rel="noopener noreferrer" class="link link--small link--semi-bold"><span>Okta.com</span></a> <!----></li><li index="2"><a href="/login/" target="_blank" rel="noopener noreferrer" class="link link--small link--semi-bold"><span>Log in</span></a> <!----></li></ul> <ul class="menu--items menu--mobile"><!----> </ul></div></div> <div class="flex align-items-center"><a href="/signup/" class="sign-up--button"> Sign up </a> <div class="mobile--toggles"><div class="mobile--toggle"><span></span> <span></span> <span></span></div></div> <label class="toggle-switch switch-theme"><span class="light-mode active"><img src="/img/icons/mode-light.svg" width="16" height="16" aria-hidden="true" alt></span> <span class="dark-mode"><img src="/img/icons/mode-dark-not-active.svg" width="12" height="13" aria-hidden="true" alt></span></label></div></header> <div class="header-nav"></div></div> <div class="page-body"><div class="content"><div class="content--container"><!----> <div class="content-area col-xl-10 col-lg-10 col-md-12 col-sm-12"><div class="breadcrumb"><div class="breadcrumb--container"><ol></ol></div></div> <!----> <div class="mobile-on-this-page"><h3 class="mobile-header"> On this page </h3> <div dir="auto" class="v-select vs--single vs--unsearchable"> <div id="vs3__combobox" role="combobox" aria-expanded="false" aria-owns="vs3__listbox" aria-label="Search for option" class="vs__dropdown-toggle"><div class="vs__selected-options"><span class="vs__selected"> What to know about IAM <!----></span> <input readonly="readonly" aria-autocomplete="list" aria-labelledby="vs3__combobox" aria-controls="vs3__listbox" type="search" autocomplete="off" value="" class="vs__search"></div> <div class="vs__actions"><button type="button" title="Clear Selected" aria-label="Clear Selected" class="vs__clear" style="display:none;"><svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><path d="M6.895455 5l2.842897-2.842898c.348864-.348863.348864-.914488 0-1.263636L9.106534.261648c-.348864-.348864-.914489-.348864-1.263636 0L5 3.104545 2.157102.261648c-.348863-.348864-.914488-.348864-1.263636 0L.261648.893466c-.348864.348864-.348864.914489 0 1.263636L3.104545 5 .261648 7.842898c-.348864.348863-.348864.914488 0 1.263636l.631818.631818c.348864.348864.914773.348864 1.263636 0L5 6.895455l2.842898 2.842897c.348863.348864.914772.348864 1.263636 0l.631818-.631818c.348864-.348864.348864-.914489 0-1.263636L6.895455 5z"></path></svg></button> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="10" role="presentation" class="vs__open-indicator"><path d="M9.211364 7.59931l4.48338-4.867229c.407008-.441854.407008-1.158247 0-1.60046l-.73712-.80023c-.407008-.441854-1.066904-.441854-1.474243 0L7 5.198617 2.51662.33139c-.407008-.441853-1.066904-.441853-1.474243 0l-.737121.80023c-.407008.441854-.407008 1.158248 0 1.600461l4.48338 4.867228L7 10l2.211364-2.40069z"></path></svg> <div class="vs__spinner" style="display:none;">Loading...</div></div></div> <ul id="vs3__listbox" role="listbox" style="display:none;visibility:hidden;"></ul> </div></div> <!----> <div class="content__default"><h1>Identity and Access Management (IAM) overview</h1> <p>Learn the key issues and concepts for adding identity and access management to your internal and external services.</p> <p>Designing and implementing sign-in flows and access management ensures that the right person has access to the right services. Identity and Access Management (IAM) impacts your end users, customers, and employees and makes it easier to adapt to changing security needs. Even small issues with the design or implementation of IAM can cause reliability issues, or worse, expose a weakness in your security.</p> <p>A key concept for using IAM is understanding who needs to access which services and their objectives. It's not always as simple as employees and customers as there may be different types of access, such as a user or an administrator. Designing and implementing IAM systems to meet your requirements can also require significant effort. Okta can reduce the time, effort, and risk.</p> <h2 id="what-to-know-about-iam">What to know about IAM <a href="#what-to-know-about-iam" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h2> <ul><li><p><a href="#iam-concepts">IAM concepts</a>: Introduces the Workforce and Customer Identity models for IAM solutions and summarize the main features of an IAM solution</p></li> <li><p><a href="#iam-design-example">IAM design example</a>: Describes a typical Customer Identity and Access Management (CIAM) solution</p></li> <li><p><a href="#design-an-iam-solution">Design an IAM solution</a>: Summarizes some key features of IAM solutions</p></li></ul> <p>Some topics require more information:</p> <ul><li><p><a href="/docs/concepts/iam-overview-identity-management-factors/">Identity management factors</a>: Focuses on identity storage, processing, and related administration design</p></li> <li><p><a href="/docs/concepts/iam-overview-authentication-factors/">Authentication factors</a>: Describes design considerations for authenticating users</p></li> <li><p><a href="/docs/concepts/iam-overview-authorization-factors/">Authorization factors</a>: Describes design considerations for defining what resources that a user can access</p></li> <li><p><a href="/docs/concepts/iam-overview-architectural-factors/">Architectural factors</a>: Describes important architectural requirements to consider for your solution and possible strategies for addressing them</p></li> <li><p><a href="/docs/concepts/iam-overview-iam-terminology/">IAM terminology</a>: Contains key definitions of common terms</p></li></ul> <h2 id="iam-concepts">IAM concepts <a href="#iam-concepts" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h2> <p>IAM secures your services in two ways. First, it verifies the identity of a user when they sign in. Second, it lets a user access only the parts of your network and services that they have permission for.</p> <p>For example, a customer may require only a username and password and has permission to view and buy items. While a vendor may require a one-time passcode and has permission to add and update items, but not buy them.</p> <h3 id="workforce-and-customer-identity">Workforce and Customer Identity <a href="#workforce-and-customer-identity" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h3> <p>High-level designs for IAM may be called Workforce or Customer identity. The two have significant overlap in use cases and technical approaches. The most important thing is to design and build a solution that meets your particular requirements.</p> <ul><li><p>Workforce identity (Workforce or WF) solutions manage employee and contractor access to your organization's apps and resources. The main goal of WF solutions is to manage risk. IT teams usually assign user identities and use cases are typically administrative. For example, you might want to control access to apps by integrating them into your single sign-on solution.</p></li> <li><p>Customer identity (Customer Identity and Access Management or CIAM) solutions add the ability to manage customer, partner, and other external access to WF. Ease of use for customers is important. CIAM solutions can increase both customer engagement and revenue. Unlike WF users, CIAM users commonly create their own identities, sign in from various locations and platforms, and may have multiple identities. Use cases are typically user-focused. For example, you might want to improve the user experience (UX) of an app and build branded user registration and sign-in flows.</p></li></ul> <div class="three-quarter border"><p><img src="/img/concepts/IAM/01-iam-types.png" alt="A diagram that gives examples of the roles of people who access customer or workforce solutions."></p></div> <h3 id="features-of-an-iam-solution">Features of an IAM solution <a href="#features-of-an-iam-solution" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h3> <p>You can divide the features of an IAM system into three areas: user experience, security, and infrastructure. The following diagram illustrates the most important features in each area.</p> <div class="full border"><p><img src="/img/concepts/IAM/02-iam-parts.png" alt="An illustration that shows some of the important components of the user experience, security implementation, and infrastructure of identity and access management solutions."></p></div> <h4 id="infrastructure">Infrastructure <a href="#infrastructure" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h4> <ul><li><p><strong>Scalability:</strong> Design your solution to allow for user growth and changing use patterns of your apps and infrastructure, without requiring a redesign.</p></li> <li><p><strong>Easy integration with app stack:</strong> Maintain your IAM solution separately from your apps. Your apps can evolve independently, and you can enable multiple apps to use your IAM solution. Enable integration with your apps that optimizes performance by designing an event-based interface that's accessed using an API. Provide an SDK to make integration easier.</p></li> <li><p><strong>Traffic surge protection:</strong> Prevent sudden bursts of requests from disrupting use or operations.</p></li> <li><p><strong>High availability:</strong> Ensure that your IAM solution is fully operational when your apps go live.</p></li> <li><p><strong>High reliability:</strong> Ensure that your IAM solution is dependable and that every element of your solution works correctly, every time.</p></li></ul> <h4 id="security">Security <a href="#security" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h4> <ul><li><p><strong>User storage and password management:</strong> Store and manage information about your users, including their passwords, for authenticating and authorizing users.</p></li> <li><p><strong>Multifactor Authentication (MFA):</strong> Require a user to verify their identity in different ways. For example, use answers to questions as a knowledge check, fingerprint scanning as a biometric check, or a key-card as a possession check. MFA is key to controlling access to your apps. See <a href="https://help.okta.com/okta_help.htm?type=oie&amp;id=ext-about-authenticators" target="_blank" rel="noopener noreferrer">Multifactor authentication<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>.</p></li> <li><p><strong>Distributed Denial of Service (DDoS) protection:</strong> Prevent DDoS attacks from blocking legitimate use of your apps.</p></li> <li><p><strong>Compliance:</strong> Ensure that your solution complies with regulatory requirements for privacy and with industry and local cybersecurity standards. For example, apps that handle healthcare patient data must comply with the Health Insurance Portability and Accountability Act (HIPAA). And servers in Europe must follow the European Union's General Data Privacy Regulations (GDPR).</p></li> <li><p><strong>Data access control:</strong> Develop ways to grant or deny user requests to access apps and resources. You can grant or deny access based on policies, user authentication and authorization, or other data. App developers embed access control checks throughout their code to enforce your access requirements.</p></li></ul> <h4 id="user-experience">User experience <a href="#user-experience" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h4> <ul><li><p><strong>Self service:</strong> Let end users, especially customers, self-administer their accounts. For example, ensure that a user can control account creation, password reset, and originating access requests. This can improve customer satisfaction and reduce your admin workload.</p></li> <li><p><strong>Social auth (social authentication):</strong> Let users sign in with their social media credentials. For example, let a user sign in using their Facebook or LinkedIn IDs instead of credentials. This can enhance customer satisfaction, provide reliable user data, and reduce admin workload.</p></li></ul> <ul><li><p><strong>External IdP (external Identity Provider):</strong> Let users sign in using a sign-in ID from an external Identity Provider, such as Active Directory. This can improve user satisfaction and reduce your admin workload.</p></li> <li><p><strong>SSO (Single Sign-On):</strong> Let users sign in with a single ID to access multiple related apps. Federated identity management (FIM) is related to SSO and lets users sign in and access multiple federated external Identity Providers. It has the same benefits as SSO and allows users to sign in with their existing sign-in IDs.</p></li> <li><p><strong>Automated onboarding:</strong> Automate onboarding workflows and lifecycle management. For example, manage a new user's AWS SSO entitlements, capture document signatures, and provision and deprovision user app accounts. Automated onboarding minimizes the time and effort to provision new users and perform other lifecycle change procedures and creates a positive experience for new users.</p></li> <li><p><strong>Frictionless MFA experience:</strong> Use special strategies, such as SSO or simplified sign-in flows from managed devices to streamline user sign-in flows.</p></li></ul> <h2 id="iam-design-example">IAM design example <a href="#iam-design-example" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h2> <p>The following diagram shows a typical CIAM solution for an app that supports an organization's employees and customer users (B2B). End users sign in to the web portal or mobile app in various ways. All end users sign in to the same system, but sign-in behavior and available services are user- and organization-specific. The diagram shows some of IAM's complexity and areas where it affects an app's high-level design.</p> <p>This is an AWS-hosted healthcare app but the IAM design features are generic and can apply to apps in any domain.</p> <p>The app is used by the organization's employees and by other large corporations and has tens of millions of end users. Most end users are patients, and most primary users are physicians, nurses, and other medical personnel.</p> <div class="full border"><p><img src="/img/concepts/IAM/03-architecture-example.png" alt="A diagram that shows the complexity of a full IAM implementation."></p></div> <p>The diagram shows aspects of the IAM solution:</p> <ul><li><p>Cloud-based IAM platform</p></li> <li><p>AWS compatibility</p></li> <li><p>Single Sign-On (SSO)</p></li> <li><p>External Identity Providers</p></li> <li><p>Social authentication</p></li> <li><p>System for Cross-domain Identity Management (SCIM) provisioning</p></li> <li><p>OAuth 2.0 and OpenID Connect (OIDC) authorization and authentication</p></li> <li><p>Security Assertion Markup Language (SAML) authentication</p></li> <li><p>Multifactor Authentication (MFA) and Universal 2nd Factor (U2F) authentication</p></li> <li><p>User-specific authentication flows</p></li> <li><p>Health Insurance Portability and Accountability Act (HIPAA) compliance</p></li> <li><p>Mobile and desktop device support</p></li> <li><p>Self-registration</p></li> <li><p>IAM security logging</p></li> <li><p>B2B and B2C support</p></li> <li><p>Customer administration</p></li></ul> <p>The following factors also affect the app's design:</p> <ul><li><p>Architectural properties, such as reliability, availability, performance, scalability, and ease of integration</p></li> <li><p>Features, such as SSO, access control, and administration</p></li> <li><p>Customizations, such as branding and tailored flows</p></li></ul> <h2 id="design-an-iam-solution">Design an IAM solution <a href="#design-an-iam-solution" class="header-anchor header-link"><svg viewBox="0 0 512 512"><path fill="currentColor" d="M326.612 185.391c59.747 59.809 58.927 155.698.36 214.59-.11.12-.24.25-.36.37l-67.2 67.2c-59.27 59.27-155.699 59.262-214.96 0-59.27-59.26-59.27-155.7 0-214.96l37.106-37.106c9.84-9.84 26.786-3.3 27.294 10.606.648 17.722 3.826 35.527 9.69 52.721 1.986 5.822.567 12.262-3.783 16.612l-13.087 13.087c-28.026 28.026-28.905 73.66-1.155 101.96 28.024 28.579 74.086 28.749 102.325.51l67.2-67.19c28.191-28.191 28.073-73.757 0-101.83-3.701-3.694-7.429-6.564-10.341-8.569a16.037 16.037 0 01-6.947-12.606c-.396-10.567 3.348-21.456 11.698-29.806l21.054-21.055c5.521-5.521 14.182-6.199 20.584-1.731a152.482 152.482 0 0120.522 17.197zM467.547 44.449c-59.261-59.262-155.69-59.27-214.96 0l-67.2 67.2c-.12.12-.25.25-.36.37-58.566 58.892-59.387 154.781.36 214.59a152.454 152.454 0 0020.521 17.196c6.402 4.468 15.064 3.789 20.584-1.731l21.054-21.055c8.35-8.35 12.094-19.239 11.698-29.806a16.037 16.037 0 00-6.947-12.606c-2.912-2.005-6.64-4.875-10.341-8.569-28.073-28.073-28.191-73.639 0-101.83l67.2-67.19c28.239-28.239 74.3-28.069 102.325.51 27.75 28.3 26.872 73.934-1.155 101.96l-13.087 13.087c-4.35 4.35-5.769 10.79-3.783 16.612 5.864 17.194 9.042 34.999 9.69 52.721.509 13.906 17.454 20.446 27.294 10.606l37.106-37.106c59.271-59.259 59.271-155.699.001-214.959z"></path></svg></a></h2> <p>Consider the following areas when you design an IAM solution:</p> <ul><li><p><strong>Identity management:</strong> Store and manage data to identify every authorized individual, business, device, app, and other resource, along with their attributes and policies. This is your main source of data for user authentication, authorization, and access control.</p></li> <li><p><strong>Authentication:</strong> Verify that user sign-in credentials are both legitimate and being used by their owners.</p></li> <li><p><strong>Authorization:</strong> Define what resources that a user is allowed to access and what functions they're allowed to perform with them.</p></li> <li><p><strong>Access control:</strong> Grant or deny individual requests to view or update a restricted resource. Grant or deny requests based on the resource, whether the user is authenticated, the user's authorization, relevant policies, and other data. Access control is part of authorization.</p></li></ul> <p>All of these functions must be highly reliable, available, and secure.</p> <blockquote><p><strong>Note:</strong> The diagram in <a href="#features-of-an-iam-solution">Features of an IAM solution</a> summarizes important features to consider. Some of the features fall into two or more of the <a href="#design-an-iam-solution">IAM areas</a>.</p></blockquote> <p>Next step: <a href="/docs/concepts/iam-overview-identity-management-factors/">Identity Management Factors</a></p></div> <!----> <div class="edit-on-github"><span class="fa fa-github"></span> <span><a id="edit-link" href="https://github.com/okta/okta-developer-docs/edit/master/packages/@okta/vuepress-site/docs/concepts/iam-overview/index.md" target="_blank" rel="noopener noreferrer" data-proofer-ignore>Edit This Page On GitHub</a></span></div></div> <div class="on-this-page"><aside class="on-this-page-navigation"><div style="display:;"><!----> <div style="display:;"><div class="title"> On this page </div> <ul class="links"><li><a href="/docs/concepts/iam-overview/#what-to-know-about-iam" class="on-this-page-link"><span>What to know about IAM</span></a> <ul id="submenu_what-to-know-about-iam" style="display:none;"></ul></li><li><a href="/docs/concepts/iam-overview/#iam-concepts" class="on-this-page-link"><span>IAM concepts</span></a> <ul id="submenu_iam-concepts" style="display:none;"><li><a href="#workforce-and-customer-identity" class="on-this-page-link"><span>Workforce and Customer Identity</span></a> <ul id="submenu_workforce-and-customer-identity" style="display:none;"></ul></li><li><a href="#features-of-an-iam-solution" class="on-this-page-link"><span>Features of an IAM solution</span></a> <ul id="submenu_features-of-an-iam-solution" style="display:none;"></ul></li></ul></li><li><a href="/docs/concepts/iam-overview/#iam-design-example" class="on-this-page-link"><span>IAM design example</span></a> <ul id="submenu_iam-design-example" style="display:none;"></ul></li><li><a href="/docs/concepts/iam-overview/#design-an-iam-solution" class="on-this-page-link"><span>Design an IAM solution</span></a> <ul id="submenu_design-an-iam-solution" style="display:none;"></ul></li></ul></div></div></aside></div></div></div></div> <footer class="app-footer"><div class="app-footer__wrapper wrapper"><h2 class="visually-hidden"> Additional links </h2> <div class="footer--columns"><div class="footer--column need-support"><a href="/" class="footer-logotype"><img src="/img/logotype.svg" width="180" height="28" alt="Okta developer logotype" class="column--header"></a> <p class="footer-text"> Questions? Ask us on the <a href="https://devforum.okta.com/" target="_self" class="link"> forum. </a></p> <ul class="footer-social-networks link-list"><li class="link-list--item"><a href="https://github.com/oktadev" target="_self" class="link link-list--link"><i class="link-list--icon"><svg width="19" height="18" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M17.214 4.595a9.185 9.185 0 00-3.358-3.358C12.443.412 10.9 0 9.226 0 7.552 0 6.008.412 4.595 1.237a9.184 9.184 0 00-3.358 3.358C.412 6.008 0 7.552 0 9.225c0 2.01.587 3.818 1.76 5.424 1.173 1.606 2.689 2.717 4.546 3.333.217.04.377.012.48-.084a.47.47 0 00.157-.36l-.006-.649c-.004-.408-.006-.764-.006-1.069l-.276.048a3.52 3.52 0 01-.667.042 5.092 5.092 0 01-.835-.084 1.866 1.866 0 01-.805-.36 1.524 1.524 0 01-.528-.739l-.12-.276a3.003 3.003 0 00-.379-.613c-.172-.224-.346-.376-.522-.456l-.084-.06a.882.882 0 01-.156-.144.66.66 0 01-.108-.169c-.025-.056-.005-.102.06-.138.064-.036.18-.054.348-.054l.24.036c.16.032.358.128.595.289.236.16.43.368.582.624.185.328.407.579.667.75.26.173.522.26.787.26.264 0 .492-.021.684-.06.192-.04.373-.101.541-.181.072-.537.268-.95.588-1.238a8.224 8.224 0 01-1.23-.216 4.896 4.896 0 01-1.13-.468 3.233 3.233 0 01-.967-.805c-.256-.32-.466-.741-.63-1.261-.165-.521-.247-1.122-.247-1.802 0-.97.317-1.794.95-2.475-.297-.729-.269-1.545.083-2.45.233-.073.577-.018 1.033.162.457.18.791.334 1.004.462.212.128.382.237.51.325a8.53 8.53 0 012.307-.313 8.53 8.53 0 012.306.313l.457-.289c.312-.192.68-.368 1.104-.528.425-.16.75-.204.974-.132.36.905.392 1.721.096 2.45.632.68.949 1.506.949 2.475 0 .68-.082 1.283-.246 1.808-.164.524-.377.944-.637 1.26a3.36 3.36 0 01-.973.8 4.916 4.916 0 01-1.13.468 8.208 8.208 0 01-1.23.217c.416.36.624.929.624 1.705v2.535c0 .144.05.264.15.36.1.096.258.124.475.084 1.858-.617 3.373-1.728 4.547-3.333 1.173-1.606 1.76-3.414 1.76-5.424-.001-1.673-.414-3.217-1.238-4.63z"/></svg></i> <span class="link-list--text"></span></a></li><li class="link-list--item"><a href="https://twitter.com/OktaDev" target="_self" class="link link-list--link"><i class="link-list--icon"><svg width="19" height="16" viewBox="0 0 19 16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M18.6702 2.27734C17.9905 2.57812 17.2639 2.78125 16.4983 2.875C17.2796 2.40625 17.8811 1.66406 18.1624 0.78125C17.4319 1.21484 16.6233 1.53125 15.76 1.69922C15.0686 0.960937 14.0843 0.5 12.9983 0.5C10.9085 0.5 9.21707 2.19531 9.21707 4.28516C9.21707 4.58203 9.24832 4.87109 9.31473 5.14844C6.1702 4.99219 3.38113 3.48438 1.51785 1.19141C1.19363 1.75 1.00613 2.40234 1.00613 3.09375C1.00613 4.40625 1.67801 5.56641 2.69363 6.24609C2.06863 6.23047 1.4827 6.05859 0.974884 5.77344V5.82031C0.974884 7.65625 2.27957 9.18359 4.01004 9.53125C3.69363 9.61719 3.3577 9.66406 3.01395 9.66406C2.77176 9.66406 2.53348 9.64062 2.30301 9.59375C2.78348 11.0977 4.18192 12.1914 5.83817 12.2227C4.5452 13.2383 2.91238 13.8438 1.13895 13.8438C0.834259 13.8438 0.533478 13.8242 0.236603 13.7891C1.90457 14.875 3.89285 15.5 6.02567 15.5C12.9905 15.5 16.7952 9.73047 16.7952 4.72656C16.7952 4.5625 16.7913 4.39844 16.7835 4.23828C17.5218 3.70312 18.1624 3.03906 18.6702 2.27734Z" fill="#FFFEFA"/></svg></i> <span class="link-list--text"></span></a></li><li class="link-list--item"><a href="https://www.youtube.com/c/oktadev" target="_self" class="link link-list--link"><i class="link-list--icon"><svg width="21" height="20" viewBox="0 0 21 20" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#clip0_2189_11938)"><path fill-rule="evenodd" clip-rule="evenodd" d="M19.3916 4.06438C19.7034 4.37475 19.9281 4.7617 20.0431 5.18637C20.4514 6.74547 20.4596 10.0003 20.4596 10.0003C20.4596 10.0003 20.4596 13.2552 20.0431 14.8143C19.9271 15.2377 19.702 15.6233 19.3902 15.9325C19.0785 16.2416 18.691 16.4635 18.2666 16.5759C16.7075 16.9941 10.4514 16.9941 10.4514 16.9941C10.4514 16.9941 4.19683 16.9941 2.63772 16.5825C2.21389 16.4685 1.82745 16.2452 1.51712 15.9349C1.20679 15.6246 0.983464 15.2381 0.869531 14.8143C0.451355 13.2552 0.451355 10.0003 0.451355 10.0003C0.451355 10.0003 0.451355 6.74547 0.869531 5.18637C0.983464 4.76254 1.20679 4.3761 1.51712 4.06576C1.82745 3.75543 2.21389 3.53211 2.63772 3.41818C4.19518 3 10.4514 3 10.4514 3C10.4514 3 16.7059 3 18.2666 3.41818C18.6918 3.53115 19.0798 3.75401 19.3916 4.06438ZM13.6484 10.0003L8.45087 7.00061V13L13.6484 10.0003Z" fill="#FFFEFA"/></g><defs><clipPath id="clip0_2189_11938"><rect width="20" height="20" fill="white" transform="translate(0.451355)"/></clipPath></defs></svg></i> <span class="link-list--text"></span></a></li><li class="link-list--item"><a href="https://developer.okta.com/feed.xml" target="_self" class="link link-list--link"><i class="link-list--icon"><svg xmlns="http://www.w3.org/2000/svg" width="19" height="18" fill="none"><circle cx="9.451" cy="9" r="9" fill="#FFFEFA"/><path fill="#191919" d="M15.415 9.809c-.811-3.268-3.971-5.984-7.452-6.406-.736-.088-1.41.412-1.5 1.114-.094.702.426 1.348 1.163 1.438 2.371.285 4.622 2.22 5.176 4.45.063.255.205.482.408.658.328.282.78.392 1.209.295.72-.164 1.166-.859.996-1.55Z"/><path fill="#191919" d="M11.42 10.924c-.395-1.76-2.009-3.295-3.701-3.522-.616-.083-1.18.381-1.259 1.034-.077.651.364 1.247.976 1.333.771.103 1.615.904 1.795 1.707.053.237.171.449.342.61.275.262.654.365 1.013.274.604-.152.978-.796.835-1.436ZM8.03 12.817a1.33 1.33 0 1 0-1.98-1.777 1.33 1.33 0 0 0 1.98 1.777Z"/></svg></i> <span class="link-list--text"></span></a></li></ul></div> <div class="footer--column contact"><h3 class="column--header"> Contact &amp; Legal </h3> <ul class="link-list"><li class="link-list--item"><a href="https://www.okta.com/contact/" target="_self" class="link link-list--link"><span class="link-list--text">Contact our team</span></a></li><li class="link-list--item"><a href="https://www.okta.com/contact-sales/" target="_self" class="link link-list--link"><span class="link-list--text">Contact sales</span></a></li><li class="link-list--item"><a href="/terms/" class="link link-list--link"><span class="link-list--text">Developer Service terms</span></a></li><li class="link-list--item"><a href="https://www.okta.com/terms-of-service/" target="_blank" rel="noopener noreferrer" class="link link-list--link"><span class="link-list--text">Site terms</span></a></li><li class="link-list--item"><a href="https://www.okta.com/privacy-policy/" target="_self" class="link link-list--link"><span class="link-list--text">Privacy policy</span></a></li><li class="link-list--item"><a href="/copyright/" class="link link-list--link"><span class="link-list--text">Copyright &amp; trademarks</span></a></li></ul></div> <div class="footer--column more"><h3 class="column--header"> More information </h3> <ul class="link-list"><li class="link-list--item"><a href="/okta-integration-network/" class="link link-list--link"><span class="link-list--text">Integrate with Okta</span></a></li><li class="link-list--item"><a href="https://www.okta.com/pricing/#workforce-identity-pricing" target="_blank" rel="noopener noreferrer" class="link link-list--link"><span class="link-list--text">Pricing</span></a></li><li class="link-list--item"><a href="/3rd_party_notices/" class="link link-list--link"><span class="link-list--text">3rd-party notes</span></a></li><li class="link-list--item"><a href="https://developer.auth0.com/" target="_blank" rel="noopener noreferrer" class="link link-list--link"><span class="link-list--text">Customer Identity Cloud</span></a></li><li class="link-list--item"><a href="/archive/" class="link link-list--link"><span class="link-list--text">Archive</span></a></li></ul></div> <div class="footer--column websites"><div class="website"><a href="https://www.okta.com/" target="_blank" rel="noopener noreferrer" class="link link--small link--bold link--uppercase link--spacing-large link--with-chevron-right link--heading"><span>OKTA.COM</span></a> <span class="description">Products, case studies, resources</span></div><div class="website"><a href="https://support.okta.com/help/s/" target="_blank" rel="noopener noreferrer" class="link link--small link--bold link--uppercase link--spacing-large link--with-chevron-right link--heading"><span>HELP CENTER</span></a> <span class="description">Knowledgebase, roadmaps, and more</span></div><div class="website"><a href="https://trust.okta.com/" target="_blank" rel="noopener noreferrer" class="link link--small link--bold link--uppercase link--spacing-large link--with-chevron-right link--heading"><span>TRUST</span></a> <span class="description">System status, security, compliance</span></div></div> <div class="copyright"><span>Copyright © 2025 Okta. All rights reserved.</span></div></div></div></footer> <div id="feedback-tab"><a id="feedback-link" href="#" title="Submit feedback"><div id="feedback-container"><p id="feedback-text">Feedback</p></div></a></div></div><div class="global-ui"></div></div> <script src="/assets/js/app.b97ec255.js" defer></script><script src="/assets/js/187.5508db82.js" defer></script><script src="/assets/js/189.a6e86ca6.js" defer></script><script src="/assets/js/66.675f21c0.js" defer></script><script src="/assets/js/227.b1a8687e.js" defer></script><script src="/assets/js/190.07ae6ea9.js" defer></script><script src="/assets/js/221.7e0ac1a4.js" defer></script><script src="/assets/js/81.62ed5f70.js" defer></script><script src="/assets/js/206.d8faf25b.js" defer></script><script src="/assets/js/208.682de341.js" defer></script><script src="/assets/js/218.ab9b48c8.js" defer></script><script src="/assets/js/82.24fa6b88.js" defer></script><script src="/assets/js/212.20c7d3ff.js" defer></script><script src="/assets/js/197.7a7ff7f9.js" defer></script><script src="/assets/js/222.685f9f10.js" defer></script><script src="/assets/js/204.178b13e6.js" defer></script><script src="/assets/js/364.9f26ec2b.js" defer></script><script src="/assets/js/207.ffb83b59.js" defer></script><script src="/assets/js/193.f4f18a80.js" defer></script><script src="/assets/js/65.eaf0931c.js" defer></script><script src="/assets/js/217.241463d0.js" defer></script> </body> </html>