Okta for Authentication and using a separate in house built Authorization serivce

My organization is using okta for authentication and the company has a separate central authorization service which is running separately and uses JWT token. My question is, is there any way I can integrate my authorization service wit Okta so that during authentication Okta able to get the authorization from the other service?

Hi @Friday! It’s coincidentally Friday as I write to you. Sounds like your organization uses our Okta Org Authorization Server for authentication but for authorization services you will need a Custom Authorization Server. You can read more about this setup here Okta Help Center (Lightning). Once you have a Custom Authorization Server with Okta you can mint access tokens for your backend resources but it works separately and does not mix with other authorization services.

1 Like

@sigama , yes its Friday :). Thanks for the help. I thought i can mix Okta with external authorization and thanks for explaining. I will look the details of Custom Authorization

We use PlainID for Authorization and make use of an Inline Hook in a similar flow that it sounds like you are looking for. The user authenticates and then the token is passed onto PlainID to do the Authorization. It adds the access claims and sends back to Okta. This is working very well and if your service can accept the token and process it, it might be the best way to integrate. One thing you will need to be aware of though is the “Assignments” in Okta. Users will still need to be assigned to each application in Okta and you can either have an all encompassing group assigned there or work out a way to sync the list of users with permissions back to an Okta group that is assigned the application.