An Okta admin is evaluating capabilities of authorization servers. Which ability is supported only by the organization’s authorization server?

The ability to manage API scopes through Okta is a specific feature supported by an organization's authorization server. Authorization servers in Okta are designed to handle access and permissions for APIs, and one of their core functions is to define and manage API scopes. Scopes determine the level of access that clients (like applications) can request when attempting to gain authorization to access a resource.

With this specific feature, administrators can create, modify, or delete custom scopes as needed, allowing them to tailor the authorization process based on the organization's unique requirements. This includes fine-tuning what resources can be accessed and under what conditions, enhancing security, and ensuring that applications only have the access they absolutely need.

In contrast, the other options are features that may not be unique to an organization's authorization server. For instance, integrating with third-party applications can occur through various methods and is not solely governed by the capabilities of the authorization server. Utilizing custom branding is often a feature of Okta’s user interface and can apply to multiple services outside of just the authorization server, similarly enforcing password policies is typically managed through general security settings rather than being an exclusive feature of the authorization server itself.