Okta launced a new API Access Management solution Tuesday at its Oktane 16 event in Las Vegas, a move partners said would help them add more security features to their application and development portfolios.
The new Okta API Access Management sets itself apart from other API access management offerings by managing access based on the user, group membership, network zone or device, rather than by application. Integrated into the Okta One Identity cloud, the offering allows for the creation, maintenance and audit of API access policies. It is also integrated with other API management solutions.
The launch responds to growing demand from customers and partners for a secure and user-friendly application integration offering, Okta Chief Product Officer Eric Berg said. While Okta is best known for its single sign-on and identity and access management solutions, Berg said one of the company’s “best-kept secrets” is its growing base of customers building application solutions on top of its platform to better secure their application supply chain and back end.
Now, with the launch of Okta API Access Management, Berg said the door has been opened for partners and enterprises to build composite applications and for partners to integrate new features securely into legacy applications.
Bryan Wiese, vice president and general manager of identity and access management at Denver-based Optiv Security, said Optiv is already seeing interest in this type of solution from customers. That comes mostly from customers who have a business built on platform consumption of services or those who more generally recognize the importance of investing in application security, he said.
“Today, the number of companies involved in the API economy and the number of APIs available in the market for consumers and developers are growing at an exponential rate. Companies need to be able to centrally and effectively manage access management policies for these services being offered to consumers,” Wiese said.
Rex Thexton, managing director, Accenture Security, agreed, saying the systems integrator is seeing “demand for improved API access management, auditing and analytics steadily increasing.” In particular, Thexton said security solutions like Okta API Access Management are needed as businesses move to develop new APIs and services around legacy applications in a secure way.
“As the adoption of cloud services increases and as more enterprises begin making their services and APIs available externally, these use cases and boundaries are becoming much more difficult to define. … This [offering] will be important for IT since it will provide a standard approach to manage identity-driven access to APIs and provide a centralized administration point which can manage access across the entire enterprise,” Thexton said, adding that this need will only grow with the addition of more mobile and Internet of Things devices and applications.
For Okta, the launch marks an expansion into a new market for application security, Berg said. He said that positions Okta and its partners to take a hand in the “digital transformation” of customers, both offering new web and mobile application experiences with back-end integration and/or selling access to core APIs and services.