How do you know if you need to use Okta’s authorization server instead of the authorization service that is built in to your Okta?Applies to:
- Okta environments with the API Access Management SKU
You need an Authorization Server if
- You need to protect non-Okta resources.
- You need different authorization policies depending on whether the person is an employee, partner, or end user, or other similar specializations.
Note: If your employees, partners, and users can all use the same authentication policies for single sign-on, try Okta’s built in authorization service.
For more info, review: https://help.okta.com/en/prod/Content/Topics/Security/API_Access.htm