Okta Classic Engine | Authentication | Answered | 2024-10-22T09:00:44.000Z | 2023-09-22T01:12:23.000Z | 2023-09-23T01:46:53.000Z

lv6c8 (lv6c8) asked a question.

How many deployments of a Secure Token Server should you ideally have?

So here is my problem. I have a situation where a customer wants to have 3 or more individual working environments of an API and a client application. They use multiple databases, which means they require 3 separate instances of the API running. In terms of authentication for clients/third-party access, this is handled by Identity Server, which supplies a JWT to access data. There's a bit more, such as permissions, but let's stick with the simple idea that they are secured by JWT produced by calling ID Server endpoints in the usual fashion.

The question here is, should we have one STS that manages the three same APIs (different server for each) or have three instances of the STS for each API deployment? Bear in mind that these are all for the same customer and the very same API but connected to different versions of the same database, i.e. PRODUCTION, TEST, VALIDATION.

My own understanding is that you should only ever have one ID Server. Thoughts?


  • Cristian (Vendor Management)

    Hello Martin!

     

    Thank you for raising the case with Okta. Cristian here with the Support Team.

    In regard to your question, there is no one-size-fits-all answer to whether you should have one or three instances of the Server. It depends on the specific needs and constraints of your customer's project.

    In order to make an informed decision that aligns with your customer's objectives, resources and security requirements, please take into consideration the below factors:

    • Isolation of Environments: If each individual working environment needs to be isolated and independent of each other, having three separate instances of the STS might be a reasonable choice, as this ensures that changes or issues in one environment will not affect the others.
    • Maintenance and updates: Maintaining multiple instances of the STS can be more complex and require more effort in terms of updates, patches, and overall maintenance. If they are all the same but connected to different database versions, you might want to consider whether the differences between the database versions necessitate separate STS instances.
    • Resource utilization: If one instance can handle the authentication load for all three API deployments efficiently, it might be more resource-effective to have a single instance. However, if each API environment has significantly different authentication needs or usage patterns, separate instances might be necessary to ensure performance and security.
    • Scalability: If you anticipate a significant increase in the number of clients or requests, having separate instances can provide better scalability control, as you can allocate resources independently to each environment.

     

    Best regards,

    Cristian Lazar

    Okta Global Customer Care

This question is closed.
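
Added example (not part of the original thread, and not Okta or Identity Server code): when one STS serves PRODUCTION, TEST and VALIDATION, isolation between environments rests on each API deployment checking the `iss` and `aud` claims of the JWT it receives, so a token minted for TEST is rejected by PRODUCTION. The issuer URL, audience names and HS256 demo key below are constructed assumptions; with three separate STS instances, each API would instead be given its own `key` and `issuer`.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. HS256 keeps the example offline; a real STS
# would normally sign with an asymmetric key and publish the public half.
STS_ISSUER = "https://sts.example.test"
STS_KEY = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(audience, subject, ttl=300, key=STS_KEY, issuer=STS_ISSUER):
    """STS side: mint a JWT scoped to exactly one environment's API."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "aud": audience, "sub": subject,
              "exp": int(time.time()) + ttl}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + _b64(_sign(key, signing_input))

def validate_token(token, expected_audience, key=STS_KEY, issuer=STS_ISSUER):
    """API side: each deployment passes its own audience (and trusted issuer/key)."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
        signature = _unb64(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except (ValueError, TypeError) as exc:
        raise PermissionError("malformed token") from exc
    if header.get("alg") != "HS256":          # pin the algorithm, never trust the header
        raise PermissionError("unexpected algorithm")
    if not hmac.compare_digest(signature, _sign(key, f"{head_b64}.{body_b64}")):
        raise PermissionError("bad signature")
    if claims.get("iss") != issuer:
        raise PermissionError("wrong issuer")
    aud = claims.get("aud")                     # RFC 7519 allows a string or a list
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= time.time():
        raise PermissionError("expired")
    return claims
```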