Kong and Okta Deliver Best-in-Class Identity for API Management
As organizations look to accelerate their digital transformation initiatives, a couple of key trends are prevalent. First, there is a movement from monolithic applications to smaller cloud native microservices. Second, there is more pressure to innovate, resulting in an explosion of APIs and connections to secure. To help organizations address these trends, Kong is joining forces with Okta to deliver best-in-class identity for API management.
"We are pleased to have Kong join the Okta technology partner ecosystem," said John Pritchard, VP of product management at Okta. "Kong is a leader in API management. Kong's integration with Okta helps our joint customers securely manage their APIs and microservices."
Kong's technology partnership with Okta helps organizations securely design, publish, and consume APIs and microservices.
"Kong and Okta are best-in-class solutions to support customers' API management and identity needs, enabling organizations to make it easier to secure identity at every step of the development lifecycle," said Ken Kim, vice president of business development at Kong.
Kong's API gateway was designed and built for modern application development platforms, optimized for microservices and distributed architectures. The main capabilities provided by Kong are:
- Universal deployment to hybrid or multi-cloud infrastructure with sub-millisecond processing latency
- Extensive library of plugins to implement request processing policies for north/south or edge API traffic, including commonly used plugins such as rate limiting, authentication and authorization, proxy caching, log processing, and integration with Kafka and GraphQL servers
- API developer portal to onboard developers and APIs, generate API documentation from OpenAPI, create custom web pages, manage API versions and secure API access
Okta API Access Management provides comprehensive identity provider (IdP) capabilities to secure enterprise-wide applications, including:
- Single sign-on: Cloud and hybrid-based authentication processes
- Universal directory: One directory abstraction for all users, groups and devices stored in multiple repositories
- Multi-factor authentication (MFA): Flexible authentication policies to support numerous credential types
The Kong API gateway is available in two form factors: Kong Enterprise, which is self-managed, and a new cloud offering called Kong Konnect Cloud. Kong and Okta have created integrations for both editions, which leverage the same plugins and provide all the same benefits.
Kong Gateway Integration With Okta API Access Management
The Kong API gateway and Okta identity provider relationship is based on OpenID Connect (OIDC) standards. Both products fully support OIDC and provide seamless integration to implement all flows and grants defined in the standard to give flexibility to the authentication and authorization processes.
In this sense, Kong and Okta offload request processing from the upstream services: Kong handles routing, transformation, observability and other policies while delegating authentication, authorization and role-mapping to Okta. The services sitting behind Kong and Okta, including legacy SOAP services, modern protocols such as REST, GraphQL and gRPC, as well as cutting-edge microservices running in Kubernetes, are free to focus on business logic alone, leading to a dramatically improved development velocity, an improved security posture and faster time to value.
Okta Support in Kong Konnect Cloud
During Kong Summit 2021, Kong announced the availability of Okta support in Kong Konnect Cloud for Kong administrative SSO and authentication and authorization for API consumers. Kong announced a one-click button integration with Okta with complete role-mapping.
For more information, check both the Kong and Okta websites as well as the blog video series describing four OIDC-based processes, including:
- User authentication with authorization code grant
- Application authentication with client credentials grant
- Token issuing and strong validation processes with introspection flow
- OIDC-based access control policies
Claudio Acquaviva also contributed to this article.