Building an Identity Platform Using Okta for Healthcare Applications

Explore the process of building an identity platform using Okta for healthcare applications in this 29-minute conference talk from Oktane 2022. Learn how Medly, a digital pharmacy, created abstractions on top of the Okta API to standardize Identity and Access Management across their B2B and B2C applications. Discover how to leverage Okta and multiple auth servers, create engineer-friendly abstractions, and bake security and compliance requirements into platform tooling. Gain insights on developing SDKs for backend services and React hooks libraries for frontend applications, ensuring consistent delivery pipelines across products. Understand how to detect outlier applications not following standard practices and create a robust, flexible identity platform that meets healthcare industry requirements.

Intro
Authentication using PKCE
Authorization based on presence of 'Admins' group
Applications per environment
Application profile over base profile
Entity based scopes and claims
Application level policy and rule
Client-credentials Okta apps
Service Okta app per environment
Application profile attributes for claims
Granular claims per scope
JWKS and custom scopes and claims validation
One B2C app across all B2C platforms
Use of groups for granular customizations
Resource level authorization
Authorization server segregation
React Library: Features
NodeJS Service: Features
Token verification library: Features
Libraries for build and runtime: Benefits
Terraform modules for SPA apps provisioning
Terraform modules for service apps provisioning
Automating deployment using TF output
Email integration with ZenDuty
Cloudwatch alarms integration with ZenDuty
Event Hooks integration with ZenDuty
Directory Integration
Activity log retention and analytics