Skip to main content

This section has guides, concepts and examples that help you define an authorization model.

When to use

The content in this section is useful:

  • If you are starting with Okta FGA and want to learn how to represent your organization's/system's authorization needs.
  • If you are working on iterating on an authorization model you previously defined.


Getting Started

How to create an authorization model for your system starting from the requirements.

Configuration Language

Learn Okta FGA's configuration language syntax and its basics.

Modeling Basics

Learn the basics of modeling authorization and granting access to users.

User Groups

Learn to model user group membership, and to grant access to all members of a group.

Roles and Permissions

Learn to model roles for users at the object level and model permissions for those roles.

Parent-Child objects

Learn to model access based on parent-child relationships, e.g.: folders and documents.

Block Lists

Learn to model denying access if users are part of list of blocked users.

Public Access

Learn to model giving everyone specific access to an object, e.g.: everyone can read.

Multiple Restrictions

Learn to model requiring multiple privileges before granting access.

Custom Roles

Learn to model custom roles that are created by users.

Contextual and Time-Based Authorization

Learn to model and authorize when IP Address, time, and other dynamic and contextual restrictions are involved.

Authorization Through Organization Context

Learn to model and authorize when a user belongs to multiple organizations.

Modeling Concepts

Learn the underlying concepts/building blocks that can be used to build any model.


Learn to migrate relations and models in a production environment.

Have Feedback?

You can use any of our support channels for any questions or suggestions you may have.