Okta Developer Exam Study Guide

To learn how to prepare for your Okta Certification Exam, watch our video here.

Introduction

Congratulations! You are one step closer toward earning your Okta Certified Developer certification.

This exam study guide is designed to help you prepare for the Okta Developer Certification Exam. Passing this exam is a requirement for becoming an Okta Certified Developer. Detailed exam topics and available preparation resources are included in this guide. Reading this guide in no way guarantees a passing score on the Okta Developer Exam.

How to use this study guide

At minimum, we highly recommend that you thoroughly review each topic listed in the Developer Exam subject areas section of this study guide. Make sure you understand each topic. Every topic within that section relates to at least one question or one task on the exam. If you are not familiar with a topic, research it by either using one of the corresponding provided preparation resources or searching the Okta Help Center, Okta Product Documentation Library, or the Okta Developer Portal. Some topics are best learned through hands-on experience with the Okta service.

What does it mean to be an Okta Certified Developer?

Okta Certified Developers are technically proficient at building secure, seamless experiences, using Okta APIs and SDKs. Okta Certified Developers have experience working with RESTful APIs and developing web applications. They have a general understanding of authentication and authorization standards such as OpenID Connect (OIDC) and OAuth, as well as how Okta supports these standards for building authentication, flexible authorization, and role-based access control. Developers also have experience configuring authorization with API Access Management and implementing Single Sign-On (SSO) with OIDC. They have working knowledge of Okta Lifecycle Management and administrative APIs.

The primary candidates for the Okta Certified Developer certification are individuals who meet the following requirements at minimum:

More than four years of experience in a software development role
More than six months of hands-on experience implementing custom identity solutions with Okta
Experience using Okta API Access Management to secure APIs
Experience creating custom authorization servers, defining scopes and claims, and creaing policies and rules to secure APIs
Experience using Okta REST APIs and knowing how to pass the correct API parameters in requests.
Experience building client apps that authenticated users against Okta
Experience configuring OIDC and OAuth apps in Okta
Experience assigning and unassigning apps to users using Okta Users and Groups APIs
Knowledge of how to validate an authenticated user’s session
Understanding of the design principles of Okta APIs, including how to use pagination and how to filter query parameters on attributes
Knowledge of how to identify and work with Okta API rate limits
Knowledge of where to find the most current documentation and resources on Okta APIs
Experience using Okta APIs to query logs and events
Experience creating, updating, and deleting users, groups, and apps using Okta APIs
Knowledge of when to use Okta REST APIs, Sign-in Widgets, and SDKs
Understanding of the various Okta supported OIDC and OAuth flows, and knowledge of when to use them
Understanding the differences between an Org authorization server and a custom authorization server in the context of OIDC and OAuth
Understanding of how an Okta policy and the rules associated with that policy affect API calls and responses
Knowledge of how to enforce Okta multifactor authentication for users in client apps
Knowledge of how to interpret the common Okta API error codes
Understanding of the different ways to create Okta sessions for Single Sign-On, including redirectUrl, OIDC authorize, and Legacy Sessions API
Experience implementing the Okta Sign-in Widget with customizations
Knowledge of how to do implicit and hybrid flows from the Okta Sign-in Widget
Knowledge of how to create sessions in Okta using Okta APIs and SDKs
Knowledge of how to configure trusted origins (CORS, Redirect), and understanding of the effects of the configuration of trusted origin when redirecting users

About the Okta Developer Exam

Number and types of questions	This exam has two parts. • Part I: 45 Discrete Option Multiple Choice Questions • Part II: Four Performance-Based, Hands-on Use Cases Exam takers complete Part I and then are permitted to start Part II. Exam takers are not permitted to return to Part I after they have completed it and submitted their responses for grading.
Time allotted	Part I: 60 minutes Part II: 90 minutes IMPORTANT: • Each part is timed separately. Any time left over from Part I does NOT carry over to Part II. • Because this is a two-hour and 30 minutes exam, come fully prepared to sit through the entire exam. There is no break between parts I and II of this exam.
Exam fee	USD 250 (USD 100 for each subsequent retake)
Prerequisites	None (Recommended training and preparation resources are listed in the Developer Exam subject areas table at the end of this document.)

Understanding the types of items included on this exam

Part I of this exam includes Discrete Option Multiple-Choice (DOMC) items. Part II contains performance-based, hands-on use cases.

Understanding the DOMC Item Type

DOMC is a powerful measurement tool that produces reliable test scores. It does so by removing several “contaminants” that affect test outcomes but are unrelated to the knowledge and skills being tested. The DOMC item type levels the playing field, and more fairly measures your skills by improving:

Readability. Because you are required to read less text, the exam tends to take less time and places fewer demands on the slower reader or the non-native English speaker.
Fairness. When savvy test takers are unsure of an answer, they look for clues by comparing options or gleaning information from other items on an exam. DOMC removes this test taking advantage and serves as a powerful method to assess your actual knowledge.
Security. Instead of displaying all options at the same time, options are randomly presented one at a time. For each option presented, you must make a YES or NO decision to indicate whether you think the option is correct. Answer options are presented in random order, and in most instances, you are NOT presented with all the available options associated with a DOMC item. Item exposure is limited by presenting only a subset of the available options to you. Limiting item exposure helps ensure the integrity of the exam.

Scoring of a DOMC Item

You can be assured that the DOMC item type is scored fairly and with precision.

If you are presented with a correct option and respond YES, then that response is scored as “correct". A DOMC item can be programmed to require one or more correct responses in order to be complete and to be considered answered correctly. Typically, however, only one correct response is required.
If you are presented with a correct option and respond NO, then that item is scored as “incorrect”.
If you are presented with an incorrect option and respond YES, then that item is scored as “incorrect”.
If you are presented with an incorrect option, and respond NO (technically a correct response), the item is not scored until additional options are presented and responded to.

Note: Even after you respond correctly or incorrectly to an item, additional correct or incorrect options might be presented but yours responses to those options will not be scored at all. This is done to prevent you from guessing the correctness or incorrectness of a response.

The DOMC item format might require you to make some adjustments to your test-taking approaches. The reward of such effort is confidence that those test takers who are certified are truly competent in the areas tested on the exam and will represent excellence in the field.

To learn more about DOMC items, visit https://domc.caveon.com/home. In addition, the Okta Developer Standard Practice exam will help you become accustomed to the new test format. We highly recommend that you become familiar with the format of this item type before taking any Okta certification exams.

Understanding the performance-based use cases in Part II of this exam

Part II of this exam includes four performance-based hands-on use cases. Each use case consists of three or more tasks that you are asked to complete within Okta Preview Orgs. This part of the exam allows you to demonstrate your skill with the Okta service and Okta APIs in a natural way that mimics how developers use Okta on the job.

A use case begins with some general instructions that apply to all the tasks in that use case. The instructions for a use case are presented on a dedicated page labeled "Instructions."

After the instructions are the individual tasks, each on its own dedicated page and labeled accordingly.

Each task must be completed in the order presented. Tasks build on each other, so it is important to complete Task 1 in order to move on to Task 2 and so forth.

You can go back to previous tasks and make changes as necessary. However, it is important to note how changes made to a preceding task affect other tasks within the use case.

Scoring of a performance-based use case

Use cases are graded upon the submission of Part II of the exam or immediately at the end of the 90-minute time clock allotted for Part II.

Navigating Part II of this Exam

Logging in to your Okta org

When you get to the landing page for Part II of the exam, you are presented with an org and credentials to access the org in the Org Info tab.

That tab will contain following pieces of information:

1. Domain of your org

2. The administrator username and password for your org

3. API Token

4. A downloadable file containing a set of Okta API collections for Postman. NOTE: You must create your own Postman account in order to import collections and create environments. Please create a Postman account and ensure you can login prior to taking the exam.

Submitting Part II of the Exam

At the bottom right of the page is a blue button labeled "Save & Submit Exam". After you have completed all of the use cases in Part II and you are ready to submit Part II, click the Save & Submit Exam button. When you do, you will be presented with a confirmation popup, any subsequent configurations you make in your Okta org will not be included in the grading of your configurations for Part II.

Exam scheduling

Okta certification exams are administered and proctored by Examity®, a secure online proctoring service. Okta has partnered with Examity to protect the integrity of our certification exams. Online proctoring means that exams can be taken from almost any location at a time that is convenient for you, without requiring that you travel to a test center. Your Okta Developer Exam must be scheduled at least 24 hours in advance of the time you plan to sit for the test in order to avoid the additional fee associated with on-demand testing. You can schedule your exam through the Okta Certification Credential Manager.

Preparing for the Okta Developer Exam

A combination of instructor-led training courses, self-paced learning, self-study, and on-the-job experience will prepare you to take this exam.

Training

Okta Education Services offers a range of classes and training materials to help you prepare for this certification exam. Although attending a training class does not guarantee success on an Okta certification exam, we strongly recommend that you attend the Okta Customer Identity for Developer course in preparation for this exam. This course covers 78% of the topics measured in the Okta Developer Exam. You can register for this course here: https://www.okta.com/services/training/.

Other Resources

The Okta Help Center contains a knowledge library of articles and videos, some of which are pertinent to topics covered on this exam.
The Okta Content Library offers searchable white papers with a rich body of information to explore before your exam.
The Okta Developer Portal provides extensive Okta Developer documentation and community forums to use in preparation for the exam.
Join the Okta Community to review questions, discussions, ideas, and blogs for additional exam preparation.

Developer Exam subject areas

The following tables list the topics that are covered in Parts I and II of this exam. These topics are grouped into topics areas, and topic areas roll up into domains/exam sections. Use these tables as an outline to guide your study and validate your readiness for the Okta Developer Certification Exam.

Part I

Exam Domain	Percentage of Part I Related to Domain
Authentication	9%
Compare and Evaluate Authentication Methods
Understand pros and cons of authentication types (e.g., custom login page vs. Okta login page) Understand the Authentication API transactional model	Preparation resources: Authentication transaction model Okta Sign-In Widget Application Types External Identity Providers
Understand Methods for Creating an Okta Session
Contrast the different ways to set a session in Okta Retrieve a Session Cookie using OIDC Connect Az Endpoint Manage an Okta Session via the Okta Sessions API	Preparation resources: Session Token Get Current Session Clear User Sessions Suspend User Retrieving a session cookie by visiting an application embed link
SSO and API Access Management with OIDC and OAuth	18%
Enable an OAuth Client Application to Securely Access Services
Use the authorization code flow to obtain tokens Validate tokens Use a refresh token to obtain a new access token Use the /revoke endpoint to revoke a token Identify trusted and untrusted clients and the proper flows to use with each	Preparation resources: Get a Refresh Token What is an authorization server OpenID Connect & OAuth 2.0 API - Tokens and claims OpenID Connect & OAuth 2.0 API Endpoints
Describe client types and flows
Explain why is authorization code flow more secure than implicit flow Define which flow to use when a software or service needs to access an API using access token Explain how OIDC achieves SSO Explain which flow is appropriate for app types Explain the difference between introspect call and signature validation List all possible actors in an OIDC flow	Preparation resources: Validate Access Tokens Overview OpenID Connect & OAuth 2.0 API - Introspect Endpoint Authorization Code Flow with PKCE OpenID Connect and OAuth 2.0 API Recommended Flow by Application Type
Optimize the API consumption
Optimize the API consumption (performance) Optimize the API consumption (security)	Preparation resources: Check you Rate Limits with Okta’s rate Limit Headers Rate Limits Okta API Endpoints and Per-Minute Limits Validate Access Tokens Overview
Lifecycle Management	16%
Use the Core API to Manage Users
Demonstrate understanding of the Users API and which operations can be performed Manage Users via the Users API	Preparation resources: Users API - Request Parameters Users API - Create User in Group Users API - Reset Factor
User Objects, User States, and User Profile Sourcing
Demonstrate understanding of User Objects, User States, and User Profile Sourcing Options	Preparation resources: User Properties Provider Object User Status Understanding User Status Values
Use the Core API - Groups
Manage Groups using the Groups API Manage Group membership using the Groups API	Preparation resources: Add Group Profile Object Group Operations Create Group Rule
Just-in-Time Provisioning (JIT)
Demonstrate understanding of how JIT works as well as when to use JIT	Preparation resources: Provisioning Concepts Account Linking and Just-in-Time Provisioning Identity Providers
Administrative APIs	20%
Use the Core API - Schemas
Demonstrate understanding of the Okta User Schema Demonstrate understanding of Okta Application Schemas	Preparation resources: User Schema Property Types and Validation Schema API
Use the Core API - Policy
Demonstrate understanding of Okta Policies and Rules and how these affect operations	Preparation resources: Authorization Servers - Policy Operations Okta Sign On Policy Password Policy
Use the Core API - Factors
Demonstrate understanding of multi-factor authentication in Okta Demonstrate understanding of the Factors API and which operations can be performed	Preparation resources: Factors API
Use the Core API - OAuth
Understand OAuth configuration in Okta Understand API Access Management	Preparation resources: Dynamic Client Registrations API API Access Management Enable Consent using the APIs Create an Authorization Server OpenID Connect & OAuth 2.0 API - Introspect Endpoint
Use the Core API - Apps
Understand applications in Okta	Preparation resources: Application Properties Apps API Apps API - Request Parameters Apps API - List groups assigned to application
Debug Techniques	9%
Debug API-Related Issues
Investigate API-related issues using sys log, Administrator Dashboard, APIs, and tasks	Preparation resources: Okta Error Codes and Descriptions Users API - List Users
Debug API Requests
Determine when to make API calls Valid user states for API calls	Preparation resources: Okta Error Codes and Descriptions Rate Limits Authentication API Users API
Design Principles	18%
Apply the Okta API Design Principles
Make Okta API requests with the correct HTTP Verbs Make Okta API requests using HTTP headers correctly Make Okta API requests identifying the origin using User-Agent and X-Forwarded-For Read and Understand the Okta API response headers Read and Understand the Okta API response errors Read and Understand the Okta API HTTP response codes	Preparation resources: Pagination Media Types Cross-Origin Resource Sharing (CORS)
Okta API Rate Limiting
Read and Understand the Okta API Rate Limiting	Preparation resources: Rate Limits
Redirect or CORS as Trusted Origin
Identify when to use Redirect or CORS as Trusted Origin	Preparation resources: Enable CORS Trusted Origins API
App Logout and Global Logout
Implement App Logout and Global Logout (Okta)	Preparation resources: Okta Sign-in Widget - authClient Auth SDK for JS Sign users out of your app
Okta Hooks	9%
Inline Hooks
Implement token inline hooks Implement registration inline hooks Implement SAML assertion inline hooks Implement password import inline hooks	Preparation resources: Token Inline Hook Reference Registration Inline Hook Reference SAML Assertion Inline Hook Reference Password Import Inline Hook Reference
Event Hooks
Create event hooks Implement event hook objects Implement event hook auth scheme objects	Preparation resources: Event Hooks - Create Event Hooks - AuthScheme Object
Working with the Sign-In widget for Authentication	2%
Okta Sign-in Widget Customization and Configuration
Configure and customize the Okta Sign-In Widget	Preparation resources: Okta Sign-In Widget Guide Github - Okta Sign-In Widget

Part II

Exam Domain	Percentage of Part II Related to Domain
Onboard new users using Okta’s Management SDK and User and Group APIs	27%
Manage users with Okta’s Management SDK and User and Group APIs	Preparation resources: Users API Groups API
Federate an App through OIDC	33%
Provide federated access to an app using OIDC Display claim data from the ID token	Preparation resources: Create Claims
Securing an API using OAuth and Securely accessing an API from a client app using OAuth	20%
Secure an API using OAuth by verifying there is a valid bearer of token Securely access API from a client application using OAuth in Okta	Preparation resources: Implement the Authorization Code Flow Implement OAuth for Okta
Implement the Okta Sign-In Widget for Authentication Purposes	20%
Implement a custom authentication experience with the Okta Sign-In Widget Implement and enforce multifactor authentication Create a session for a user	Preparation resources: Okta Sign-In Widget Guide Github - Okta Sign-In Widget

Okta Certified Developer Practice Exams

Know what to expect on the day of the exam. Take the Okta Developer Standard Practice Exam to familiarize yourself with both the exam content and the format of the DOMC item type.

Okta Developer Standard Practice Exam

Take the Okta Developer Premier Practice Exam to evaluate your readiness for the Okta Certified Developer Exam. This Premier Practice Exam measures many of the same topic areas and configuration tasks that are measured in the Okta Certified Developer Exam. Click the button below to check it out.

Okta Developer Premier Practice Exam

Preparation videos for Part II

In Part II, you will be required to use a few special tools to complete the use cases. Training videos on using these tools are provided through the following links:

Downloading and setting up Postman NOTE: You must create your own Postman account in order to import collections and create environments. Please create a Postman account and ensure you can login prior to taking the exam.
Creating an OIDC App and testing it with OIDC Debugger
Creating a glitch.com account and remixing a Glitch project

Subject matter experts for the Okta Developer Exam

Okta certification exams are designed and built by subject matter experts who have extensive real world-experiences implementing and administering the Okta service.

Here is the list of subject matter experts who helped design and/or build this exam: