Okta on Wednesday announced the Okta API Products One App, which lets engineering teams and developers implement multifactor authentication, or MFA, for any single website or application.
Developers can use API Products for One App free if they display “Identity by Okta” on the login page of their app.
Okta API Products for One App includes the following:
- Authentication and directory services for Web or mobile apps;
- A self-registration feature that lets community members easily register for an account;
- A social authentication feature that allows end users to log in and create an account with a social identity, leveraging streamlined OAuth 2.0 connections, rich user profiles and authorization;
- An admin app that lets developers manage users, groups, apps, APIs and policies;
- Tools and controls that let developers use Okta’s widgets, SDKs, toolkits, documentation, wizards and code snippets to add modern identity to any app swiftly and with full protocol, factor and policy support; and
- Secure multifactor authentication that allows developers to leverage SMS-based one-time passcodes or Okta Verify for a second factor.
Okta API Products One App gives developers direct access to the full granularity of the Okta REST API.
Making Identity Infrastructure-Building Easier
API Products One App takes the stress of building identity infrastructure off internal engineering teams, which helps them get new products to market more quickly, said Ed Sawma, Okta’s director of product marketing.
Potential users range from enterprises creating a single digital experience to startups to nonprofits with limited resources.
Integrating API Products One App into a product means its authentication solution will have the latest security updates, won’t require ongoing maintenance by internal devs, and will offer end users a seamless log-in experience, Sawma pointed out.
“Most websites are only lightly secured,” noted Michael Jude, research manager at Stratecast/Frost & Sullivan.
Multifactor authentication “can improve Web security,” he told the E-Commerce Times.
API Products One App offers the greatest benefit to “most small Web retail sites that, until now, used simple password authentication,” Jude said.
Leveraging Social Media
The Products One App offers social authentication, letting people use a personal social media account as their security credential.
Social authentication lets individuals mask their identity and still stay secure, Jude pointed out. However, “it increases the potential for someone to be spoofed.”
The Okta social authentication feature leverages streamlined OAuth 2.0 connections, rich user profiles and authorization.
“OAuth 2.0 is the next evolution of the industry standard OAuth protocol and not only is secure, but makes the client developer experience simpler by providing specification authorization flows for a variety of applications,” Okta’s Sawma remarked. These additional authorization flows “provide more security to developers and users alike.”
Potential Security Issues
API Products One App does not protect against malicious apps from authenticated social network users.
Take Facebook, for instance. Trustlook has identified nearly 26,000 malicious apps that use a Facebook API developers can leverage to obtain a range of information from a Facebook profile.
The official Facebook Android app (com.facebook.katana) recently began generating popups asking for superuser permissions, sparking consternation among users.
Facebook later said the problem was caused by a coding error in one of its antifraud systems, and said it had fixed the problem.
Android users earlier this month complained on Reddit that Facebook was asking for root access to their devices.
“API Products One App simply provides authentication, authorization and user management functions for an app,” Sawma said. “It has nothing to do with the Facebook API.”
One App lets a developer “not have to worry about storing passwords themselves because Okta handles authentication,” he explained. “However, all the identities for the app are still controlled by that app.”
Okta offers an alternative, said Sawma. Sign In with Okta lets people log into an app with their own Okta identity, which is controlled by their employer.