Okta
What it is
Okta is an enterprise identity provider (IdP): an external SaaS directory with SSO, MFA, and lifecycle management, to which applications and AWS accounts commonly federate via SAML or OIDC.
Why it's on this wiki
Okta appears as the upstream IdP in federated architectures where Amazon Cognito handles the AWS-application-side token issuance but employees authenticate against a centralized enterprise directory. Convera's internal customer-service apps use this shape:
```
User → Convera Connect App → Okta (SAML/OIDC auth)
     → Cognito (federated identity, issues JWT)
     → Cognito pre-token-generation Lambda
       (enriches access token from DynamoDB)
     → App uses enriched JWT against API Gateway
```
This is a canonical instance of patterns/centralized-identity-federation: identity lives in a single IdP, while per-application authorization grants flow through application-specific token issuers (here, Cognito). (Source: sources/2026-02-05-aws-convera-verified-permissions-fine-grained-authorization)
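A sketch of the pre-token-generation step in the flow above, added here as an illustration and not taken from Convera's code: a Cognito V2 trigger handler that adds claims to the access token only when the user federated through the expected IdP and an entitlement record exists. The provider name `Okta`, the claim names `app_role`/`app_region`, the in-memory `ENTITLEMENTS` table standing in for DynamoDB, keying on the IdP user id, and the fail-closed behaviour are all assumptions.

```python
import json

# Assumed name of the Okta IdP as registered in the Cognito user pool.
EXPECTED_PROVIDER = "Okta"

# Constructed stand-in for the DynamoDB entitlements table, keyed by the
# IdP-side user id. A real deployment would do a GetItem here instead.
ENTITLEMENTS = {"00u1constructed": {"role": "cs-agent", "region": "emea"}}


def federated_user_id(user_attributes):
    """Return the Okta-side user id, or None if the user did not federate via Okta."""
    try:
        identities = json.loads(user_attributes.get("identities", "[]"))
    except (TypeError, ValueError):
        return None
    if not isinstance(identities, list):
        return None
    for ident in identities:
        if isinstance(ident, dict) and ident.get("providerName") == EXPECTED_PROVIDER:
            return ident.get("userId")
    return None


def handler(event, context=None, lookup=ENTITLEMENTS.get):
    """Cognito pre-token-generation trigger (V2 event): enrich the access token."""
    uid = federated_user_id(event["request"].get("userAttributes", {}))
    record = lookup(uid) if uid else None
    if record is None:
        # Fail closed (assumed policy): raising makes Cognito refuse the token.
        raise PermissionError("no entitlements for this identity")
    event["response"]["claimsAndScopeOverrideDetails"] = {
        "accessTokenGeneration": {
            # Hypothetical claim names; values come from the server-side
            # record, never from attributes asserted by the IdP.
            "claimsToAddOrOverride": {
                "app_role": record["role"],
                "app_region": record["region"],
            }
        }
    }
    return event


def sample_event(identities):
    """Constructed V2 trigger event for a federated hosted-UI sign-in."""
    return {
        "version": "2",
        "triggerSource": "TokenGeneration_HostedAuth",
        "userName": "okta_agent@example.com",
        "request": {"userAttributes": {"identities": json.dumps(identities)}},
        "response": {"claimsAndScopeOverrideDetails": None},
    }
```
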
Seen in
- sources/2026-02-05-aws-convera-verified-permissions-fine-grained-authorization — Okta as the identity source for Convera's internal customer-service users; Cognito downstream federates identity + issues the enriched access token used by the Lambda authorizer + AVP chain.
Related
- systems/amazon-cognito — Cognito federates to Okta in this shape.
- patterns/centralized-identity-federation — the overall architecture pattern.
- patterns/pre-token-generation-hook — runs post-federation to add application-specific authorization attributes.