As organizations look to accelerate their digital transformation initiatives, a couple of key trends are prevalent. First, there is a movement from monolithic to smaller cloud native microservices. Second, there is more pressure to innovate, resulting in an explosion of APIs and connections to secure. To help organizations address these trends, Kong is joining forces with Okta to deliver the best-in-class identity for API management.
"We are pleased to have Kong join the Okta technology partner ecosystem,” said John Pritchard, VP of product management at Okta. "Kong is a leader in API management. Kong's integration with Okta helps our joint customers securely manage their APIs and microservices."
Kong's technology partnership with Okta helps organizations securely design, publish, and consume APIs and microservices.
"Kong and Okta are best-in-class solutions to support customers' API management and identity needs, enabling organizations to make it easier to secure identity at every step of the development lifecycle," said Ken Kim, vice president of business development at Kong.
[Kong's API gateway](https://konghq.com/kong)Kong's API gateway was designed and built for modern application development platforms, optimized for microservices and distributed architectures. The main capabilities provided by Kong are:
Okta API Access Management provides comprehensive identity provider (IdP) capabilities to secure enterprise-wide applications, including:
The Kong API gateway is available in two form-factors, Kong Enterprise, which is self-managed, and a new cloud offering called [Kong Konnect Cloud](https://cloud.konghq.com/register)Kong Konnect Cloud. Kong and Okta have created integrations for both editions, which leverage the same plugins and provide all the same benefits
The Kong API gateway and Okta identity provider relationship is based on [OpenID Connect (OIDC) ](https://docs.konghq.com/gateway/2.6.x/developer-portal/administration/application-registration/okta-config/#main)OpenID Connect (OIDC) standards. Both products fully support OIDC and provide seamless integration to implement all flows and grants defined in the standard to give flexibility to the authentication and authorization processes.
In this sense, Kong and Okta offload request processing from the upstream services: Kong handles routing, transformation, observability and other policies while delegating authentication, authorization and role-mapping to Okta. The services sitting behind Kong and Okta, including legacy SOAP services, modern protocols such as REST, GraphQL and gRPC, as well as cutting-edge microservices running in Kubernetes, are free to focus on business logic alone, leading to a dramatically improved development velocity, an improved security posture and faster time to value.
During Kong Summit 2021, Kong announced the availability of Okta support in Kong Konnect Cloud for Kong administrative SSO and authentication and authorization for API consumers. Kong announced a one-click button integration with Okta with complete role-mapping.
For more Information, check both [Kong](https://docs.konghq.com/enterprise)Kong and [Okta](https://www.okta.com)Okta web sites as well as the [blog video series](https://developer.okta.com/blog/authors/claudio-acquaviva)blog video series describing four OIDC-based processes, including:
[*Claudio Acquaviva*](https://konghq.com/blog/author/claudioacquaviva)*Claudio Acquaviva** also contributed to this article.*
Application programming interfaces (APIs) allow software to communicate and share data. But how can those APIs confirm the identity of the clients theyre communicating with? API keys are one solution. API keys are unique codes for authenticating and
[](https://konghq.com/blog/learning-center/what-are-api-keys)
Kong is excited to announce Solace as the newest member of our Premium Technology Partner Program, a program designed to deliver high-quality, reliable integrations that provide real business value for customers. Together, Kong and Solace unify AP
[](https://konghq.com/blog/news/solace-kong-premium-technology-partner)
InfoWorld’s annual awards recognize the most innovative software development, DevOps, cloud, data management, and AI/ML products on the information technology landscape. We are extremely proud to see Kong Konnect recognized for its role in unifying
[](https://konghq.com/blog/news/infoworlds-technology-of-the-year-api-management)
As cybersecurity takes the main stage, organizations face a significant challenge: how do you strike a balance between maintaining a high level of security and ensuring employees have enough data access to perform their jobs properly? Role-based ac
[](https://konghq.com/blog/learning-center/what-is-rbac)
Ensuring secure access to applications and APIs is critical. As organizations increasingly adopt microservices architectures and cloud native solutions, the need for robust, fine-grained access control mechanisms becomes paramount. This is where the
[](https://konghq.com/blog/engineering/secure-access-control-with-opa-and-kong)
In the modern IT stack, API gateways act as the first line of defense against attacks on backend services by enforcing authentication/authorization policies and validating and transforming requests. When backend services are protected with a token-b
[](https://konghq.com/blog/engineering/zero-trust-oauth-2-0-mtls-client-authentication)
With digital transformation shifting networks into the cloud — from remote workforces to online banking — cyberattacks are growing more prevalent and sophisticated. Legacy security models like VPNs and perimeter-based firewalls are proving inadequat
[](https://konghq.com/blog/engineering/microsegmentation-and-zero-trust-security)