Nowadays, a great number of organizations need an innovative, viable solution that can be customized and personalized for each trusted user. Okta Identity Engine provides a set of customizable building blocks for authentication and authorization, giving users a single sign-on experience.

Mario Moreno

IAM Engineer

October 18th, 2021

Okta Identity Engine breaks the predefined authentication, authorization and registration flows apart. With this, customers can create dynamic user journeys and, depending on the context, address an unlimited number of identity use cases with minimal custom code. The context changes based on the user, device, application, network and intent of the user's identity journey. In simpler words, a journey is composed of a sequence of individual steps, from registration to authentication and authorization.

The behavior of each step is customized through components. Components are used to evaluate policies, activate Hooks, publish events, request a user to take action or call an external service. You can even configure Okta to skip steps in the engine, choose different steps to execute and skip any application or experience, creating a variety of identity sequences.

By customizing user journeys, Okta can take more actions within each step. Some of the options available are authenticating with an email magic link, escalating authentication, creating custom branding or routing to an external system.

Okta Identity Engine Enabled Use Cases

Passwordless users

Users authenticate without a password using an email-based magic link. Instead of registering a password in an authentication sequence, they receive an email to authenticate. For certain applications the flow can be performed without a password; for other organizations, however, a stronger factor such as email, push or WebAuthn is required.

Flexible account recovery

It is important to give your users more options to recover their accounts. Users can recover their accounts via Okta Verify Push, in addition to email or phone authenticators. This improves the end user’s login experience, strengthens your security posture and decreases your help desk tickets.  

Progressive profiling

Progressive profiling builds customer profiles incrementally over the life of the customer by progressively collecting mandatory and optional attributes. Companies can configure registration to reduce friction by creating an initial enrollment process with minimal fields to complete, and then configuring a subsequent enrollment in which the user provides additional information. For example, an e-mail address can be requested when the user first engages, and a home address or phone number can be requested later.

Special features

Per-app branding

Administrators can set up separate branded sequences to provide different experiences depending on how the user starts using your services.  

Application-level policies

Customize security policies by creating dynamic login policies that adapt to different applications based on user behavior, risk level and context.   

Unlimited possibilities

With Okta Hooks and Okta Identity Engine, the experience can be securely customized to be the foundation of any digital experience. Some of the possible use cases are:

  • Allow access to an application without authentication
  • Require only email and name on initial registration
  • Authenticate a user with an email magic link
  • Never require the entry of a password as a factor
  • Validate fake email
  • Prevent creation of fake accounts
  • Verify fraudulent authentication against business context
  • Use different login branding based on e-commerce sub-brand site
  • Automatically identify a user based on browser and provide a personalized experience  
  • Ask for user consent to store personal data when registering  


To conclude, it is important to emphasize the great impact that the new model Okta is adopting will have on how solutions are implemented in the not too distant future. They will be able to provide users with a much more user-friendly and personalized experience. Organizations will be able to create unique access experiences that are deeply integrated with the rest of their technology stack. Okta Identity Engine will provide a flexible solution for digital identity.

