This section has guides, concepts and examples that help you define an authorization model.

When to use

The content in this section is useful:

• If you are starting with Okta FGA and want to learn how to represent your organization's/system's authorization needs.
• If you are working on iterating on an authorization model you previously defined.

Content

Getting Started

How to create an authorization model for your system starting from the requirements.

• More

Configuration Language

Learn Okta FGA's configuration language syntax and its basics.

• More

Modeling Basics

Learn the basics of modeling authorization and granting access to users.

• More

User Groups

Learn to model user group membership, and to grant access to all members of a group.

• More

Roles and Permissions

Learn to model roles for users at the object level and model permissions for those roles.

• More

Parent-Child objects

Learn to model access based on parent-child relationships, e.g.: folders and documents.

• More

Block Lists

Learn to model denying access if users are part of list of blocked users.

• More

Public Access

Learn to model giving everyone specific access to an object, e.g.: everyone can read.

• More

Multiple Restrictions

Learn to model requiring multiple privileges before granting access.

• More

Custom Roles

Learn to model custom roles that are created by users.

• More

Contextual and Time-Based Authorization

Learn to model and authorize when IP Address, time, and other dynamic and contextual restrictions are involved.

• More

Authorization Through Organization Context

Learn to model and authorize when a user belongs to multiple organizations.

• More

Modeling Concepts

Learn the underlying concepts/building blocks that can be used to build any model.

• Direct Relationships
• Concentric Relationships
• Object to Object Relationships
• Usersets

Migrating

Learn to migrate relations and models in a production environment.

• Migrating Relations