Beyond the Login Box: Okta Fuels Developer Innovation in Identity

The traditional username and password combo remains the go-to for most web and mobile authentication. But as Bhawna Singh, CTO of Okta Customer Identity Cloud, shared during the Developer Keynote at Oktane 23, “It’s time we move past it.” She rallied developers to embrace flexible, cutting-edge identity solutions that eliminate passwords and customize experiences.

Singh knows developers crave security but loathe friction and constraints. “Our commitment remains firm to make sure your experience is always simpler and faster without sacrificing security,” she pledged.

Kill Passwords for Good With Passkeys

Singh cited troubling data on the risks of password-based authentication. According to 2023 research, “86% of application breaches involve the use of stolen credentials.”

Okta blocks over 10 million malicious login attempts in a single day. Singh advocated for eliminating shared secrets. “Passwords alone are not secure to protect users’ identities,” she said. Instead, she highlighted passkeys as a phishing-resistant successor. Passkeys use public key cryptography and biometrics, not vulnerable secrets.

“Passkeys should and can replace passwords,” Singh stated, touting enhanced security and improved user experience. Browsers and devices can discover passkeys, eliminating forgotten password resets.

Okta enables passkey support across all products and tiers to ease developer adoption. “When you switch to passkeys, the transition will be smooth,” said Singh, as both passwords and passkeys can be enabled simultaneously.

She’s playing the long game on adoption, currently only at 4%. “It’s not either-or, it’s and,” she said, referencing balancing convenience and security. She’s educating developers on passkeys’ strengths through events, docs, and hands-on labs.

Customize Authentication With Okta Actions

Every app and company has unique access requirements. Okta’s extensible solutions allow developers to tailor experiences.

Singh showcased Okta Actions, the company’s authentication and authorization customization framework. “Actions replace rules and hooks to provide a more robust and friendly development environment,” she said.

Developers can enable common use cases like biometrics quickly by finding relevant Actions in Okta’s drag-and-drop integration marketplace.

When more bespoke functionality is needed, Okta’s Actions editor and hosting streamline building and deploying custom code without additional infrastructure overhead. Developers can even submit widely useful Actions to the marketplace for others to leverage.

Coming later this month, customizable login page prompts will provide more flexibility. Singh explained that developers can “add new elements to existing authentication screens” instead of rebuilding UIs from scratch.

Simplify Authorization With Okta FGA

Singh discussed how authorization provides the next layer of protection on top of authentication. It controls what users can access and do after verifying their identity.

Authorization has become critical for privacy, security, and collaboration but is often implemented in complex, entangled ways that impede developer speed and permissions visibility.

Okta’s new fine-grained authorization service, Okta FGA, provides a centralized solution. “FGA enables you to define your authorization model, and we handle the complexity,” said Shiven Ramji, President of Okta’s Customer Identity Cloud.

Developers use simple constructs like groups and roles to build permission policies that can be applied globally to standardize access. FGA stores relationships and makes authorization decisions behind the scenes, surfacing data to apps when needed.

“Authorization is not your core business. You shouldn’t have to build this, we should,” Ramji said, citing how FGA saves development time.

Scale New Heights With Architectural Innovation

Amidst explosive user growth, Okta increased capacity by 6.5X in six months to handle 10,000 transactions per second. How? “Distributed systems are more than the sum of their parts, so use that to your advantage,” said Mark Voelker, Okta’s VP of Architecture. 

He advocated for improving components incrementally versus risky whole-system overhauls. Strategic caching and decoupling services accelerated targeted scale-ups. Voelker concluded, “For modern developers, it's never just one thing. You get asked to scale, but you must also retain reliability and efficiency.”

Developer Obsession Fuels Okta’s Innovation

“Our innovation has led to modern authentication and authorization at scale,” said Singh. “But we’re not stopping.”

She took the Developer Keynote stage to prove that Okta’s developer devotion goes beyond marketing slogans. They are continually building tools to make every developer’s experience smoother, easier, and more impactful.

“We know developers are behind the creation of every application. Making it easier for developers to build secure applications is a prerequisite for delighting your end users,” said Singh.

She walks the walk, tirelessly working to strengthen Okta’s genuine developer relationships. “How much are we making it low-code/no-code?” she asked of her teams. “Are we investing in developers and building this community?”

Singh knows earning customer trust means meeting developers where they are, whether just starting or pushing boundaries. She pledged, “Our commitment remains firm to make sure the developer experience is always simpler and faster without sacrificing security.”

Okta is fueling developer innovation, moving beyond login boxes to flexible, passwordless, highly scalable identity solutions. As Singh said, “It’s time we move past it.”