What is Secure Partner Access (SPA)?

The Secure Partner Access (SPA) solution securely manages identities and access to shared applications for an organization’s business partners. It provides a partner admin portal that allows customers to segment their business partner users and assign a delegated admin to manage users — without needing access to the Okta Admin Console.

Business partners can include organizations with which your organization has a vested B2B relationship, such as your supply chain or distribution partners. 

How does SPA extend Okta’s current security framework?

SPA enhances Okta’s security capabilities by:  

• Hardening the environment: SPA implements least-privilege administration and reserves the Okta Admin Console for super admins. SPA provides a separate centralized partner admin portal for business partners to manage their users. Partner admins can use this portal to manage their users’ group membership and applications. 
• Optimizing IT Operations: SPA delegates user management and application assignments to a delegated partner administrator. SPA also Implements centralized monitoring by allowing Okta super admins to view and control all their business partner admin portals and users from their single Okta org. 
• Reducing security risks: Protects access to all applications and resources. Okta super admins can select limited applications that can be assigned from the partner admin portal. Delegated partner admins can only provide access to those applications. 

What are some important SPA concepts? 

Following are a few important SPA concepts:  

• Realms: SPA uses Realms to partition users in the Universal Directory while allowing them to share resources. Each realm consists of users stored and managed separately within an Okta org. You can create a separate partner admin portal for each realm.  
• Partner Admin Portal: You can assign a delegated partner admin to manage users and their application access from the partner admin portal. SPA has a preconfigured Partner Admin role that provides pre-configured user management tasks. 
• Realm assignment: Realm assignment simplifies the user onboarding process for organizations with multiple profile sources. You can create assignment rules to assign realms when a user is added to Okta or move existing users from one realm to another. When a user is assigned to a realm, the user automatically gets assigned to the associated partner admin portal. 

Available Resources

• Set Up Secure Partner Access
• Manage SPA Partner Admin Portal
• SPA Product Hub
• SPA Product Documents