Application access management using Okta

Hi there

Does Okta provide features that may address the following use case I have:
We currently have a bespoke application access management system (ams for short) that manages user access to certain functions for a few applications. When a user tries to access a particular function (e.g. see transaction history), the client application will call the AMS to query if the user has rights to this function.

The function access is managed by AMS and is linked to roles and access scopes (such as which office the user is working at). I.e. Only user with a certain role and access scope can use this function.

I’m currently trialing Okta now and so far user and roles management does fit the use case, but i can’t seem to find any feature that may allow me to manage application functions (to that granular management).

Would like to point out that when I use functions, it is not referencing APIs, its really defining application business-related functions (such as “View transactions history”, “Delete user”) that the application use to control access for the user as these are legacy systems that do not use APIs.

In summary, I just like to know if Okta has such feature or perhaps similar feature that I may explore.
Hope someone can point me to the right direction.

Thanks in advanced!

Good question! Would you be implementing OAuth/OIDC for the app(s)? It might make sense to take advantage of Okta’s Groups, add them as claims to a user’s ID token, and allow your app to make decisions based on those groups.

1 Like

Thanks for your response!

We may have apps that will be implementing OAuth/OIDC and I have considered your suggestion and was able to customize the profile to return some custom attributes. I think where this use case extends further is to have a platform that also allows management of the application functions and mapping the functions to the groups. Is that possible?

Aside from having groups in claims, is there other alternatives Okta has?

Thanks in advance!

Hi, is there any updates to this query? Thanks!