Implementing Passkey Authentication with Okta API - A Technical Guide

This guide demonstrates how to implement passkey authentication with Okta using a hybrid approach: direct API calls for enrollment, and the Okta Auth JS SDK for authentication. Passkeys are WebAuthn credentials. They rely on the same public-key authentication as any other WebAuthn credential, and add features such as cross-device synchronization and a more intuitive, user-friendly sign-in experience.

Read More

Shared device authentication for consumers - Device Flow and Okta

Authentication on shared devices comes with its own set of challenges. Some scenarios are specific to an organization's workforce, while others are consumer-specific. In this article, I will focus on the consumer scenarios and explore the challenges and the options available for addressing shared device authentication securely.

Read More

Authenticate with PAR, an underrated gem

Digital applications have widely adopted the ubiquitous OAuth 2.0 framework, which became popular because it works seamlessly across web, SPA, and mobile applications to provide authorization (and, together with OpenID Connect, authentication) services.

Read More

Is your application still capturing user credentials?

Are you developing new applications or planning to modernize the existing applications in your organization? Make sure you have done your due diligence on how each application captures the authenticating user's credentials. This is a subtle and often overlooked aspect of application authentication. With the rise of credential theft attacks, failing to put adequate guardrails around an application's access to user credentials can leave your organization vulnerable to breaches.

Read More

Securely verify transactions - Can CIBA lead the way?

Digital applications deal with identities all the time. It is important to verify identity at the application's front door, in the form of authentication. There are several mature and sophisticated standards for user authentication, such as OIDC and SAML, which allow a trusted identity provider (IdP) to securely authenticate the user before the application grants access.

Read More

Secure your tokens - an introduction to DPoP

The chain is only as strong as its weakest link

With the evolution of cloud-based technologies and deployment patterns, the authorization tokens an application holds are increasingly a target for bad actors. Consequently, token protection is becoming an intense battleground between defenders and attackers.

Read More

Step-up Authentication

Step-up authentication shows up frequently in digital applications, but it is often implemented in an ad hoc way by application developers or vendors.

Read More