API Policies > Third-party authentication and authorization
Third-party authentication and authorization
You can use third-party authentication in API Center to handle user authentication and authorization.
API Center integrates with external identity providers, such as Okta or Azure Active Directory (AAD) to verify users' identities and grant them access to protected resources. The advanced identity management and authentication systems with third-party providers enhances security and scalability, and reduces administrative load in API Center.
If your organization is licensed and configured for SAML, you can use OAuth to start a REST API session using JSON web token (JWT) access tokens. Your organization's IDMC administrator can set up OAuth using Azure Active Directory or Okta as the identity provider so that users can start REST API sessions using JWT access tokens.
You can use your already existing OAuth provider or identity provider, such as Azure AD or Okta. You can generate the tokens using the authorization servers provided by these identity providers to access protected resources, such as APIs. You do not need to add all your third-party API users in IDMC.