SYSTEM Cited by 2 sources
Okta
What it is
Okta is an enterprise identity provider (IdP): an external SaaS directory with SSO, MFA, and lifecycle management. Applications and AWS accounts commonly federate to it via SAML or OIDC.
Why it's on this wiki
Okta appears as the upstream IdP in federated architectures where Amazon Cognito handles the AWS-application-side token issuance but employees authenticate against a centralized enterprise directory. Convera's internal customer-service apps use this shape:
User → Convera Connect App → Okta (SAML/OIDC auth)
                           → Cognito (federated identity, issues JWT)
                           → Cognito pre-token-generation Lambda
                             (enriches access token from DynamoDB)
                           → App uses enriched JWT against API Gateway
This is a canonical instance of patterns/centralized-identity-federation — identity lives in a single IdP, per-application authorization grants flow through application-specific token issuers (Cognito). (Source: sources/2026-02-05-aws-convera-verified-permissions-fine-grained-authorization)
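The pre-token-generation step in the flow above, as an added example (not Convera's code and not taken from the cited source). It assumes the Cognito V2 trigger event shape; the table contents, the claim names `role` and `region`, and keying the lookup on `sub` are hypothetical, and an in-memory dict stands in for DynamoDB so the block runs offline.

```python
# Added example: Cognito pre-token-generation handler (V2 event shape).
# Authorization claims come only from the application's own store, never
# from attributes asserted by the upstream IdP (Okta) in the federation.

# Hypothetical allowlist of claims that may be written into the access token.
ALLOWED_CLAIMS = {"role", "region"}

# Constructed stand-in for the DynamoDB table, keyed by the Cognito "sub".
# In a deployment this lookup would be a boto3 Table.get_item call.
SAMPLE_TABLE = {
    "sub-1234": {"role": "cs-agent", "region": "EMEA", "notes": "internal only"},
}


def lookup_user(sub, table=SAMPLE_TABLE):
    """Return the authorization record for a user, or None if absent."""
    return table.get(sub)


def handler(event, context=None, lookup=lookup_user):
    attrs = event["request"]["userAttributes"]
    record = lookup(attrs["sub"])
    if record is None:
        # Fail closed: raising makes the trigger fail instead of letting a
        # token be issued without any authorization claims.
        raise PermissionError("no authorization record for user")

    # Copy only allowlisted fields; other columns (e.g. "notes") and any
    # IdP-supplied attribute such as "custom:role" are ignored.
    claims = {k: str(v) for k, v in record.items() if k in ALLOWED_CLAIMS}

    event["response"] = {
        "claimsAndScopeOverrideDetails": {
            "accessTokenGeneration": {"claimsToAddOrOverride": claims}
        }
    }
    return event
```
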
Seen in
- sources/2026-02-05-aws-convera-verified-permissions-fine-grained-authorization — Okta as the identity source for Convera's internal customer-service users; Cognito downstream federates identity + issues the enriched access token used by the Lambda authorizer + AVP chain.
- sources/2025-04-15-yelp-journey-to-zero-trust-access — Okta as the OIDC identity provider for Yelp's Zero Trust Access substrate (Netbird on WireGuard). The integration replaces Pulse Secure's SAML flow ("cumbersome browser-to-VPN client handoff"). Canonical OIDC+device-posture access gate shape: Okta "enforce[s] policies that ensure only users on managed devices with a secure security posture are granted access."
Related
- systems/amazon-cognito — Cognito federates to Okta in this shape.
- systems/netbird — Okta is the OIDC provider in Yelp's Netbird ZTA deployment.
- patterns/centralized-identity-federation — the overall architecture pattern.
- patterns/pre-token-generation-hook — runs post-federation to add application-specific authorization attributes.
- patterns/oidc-plus-device-posture-access-gate — the identity+posture access pattern Yelp instantiated against Okta.