Okta provides a single sign-on (SSO) service that allows users to log in to different systems using a centralized process. In addition to SSO, it provides multiple other services such as Universal Directory, Identity Governance, Multi-factor Authentication, and Access Gateway.
Okta provides secure SSO access to hundreds of supported SaaS apps via OIN (Okta Integration Network). OIN integrations often use OpenID Connect (OIDC) and SAML, but SWA, or proprietary APIs for SSO are also usable. The vendor maintains all provisioning APIs and SSO protocols internally.
In this article:
Okta provides a standalone app that integrates with your organization’s systems to provide SSO. Users must first sign into Okta, and can then access other applications and services with their Okta credentials. Okta also supports user provisioning and deprovisioning for applications that expose their provisioning APIs.
Okta provides SSO access to applications in different ways:
Compare Okta to other Single Sign-On solutions
Okta offers two plans for its SSO service:
Okta also offers the following complementary services that can be used together with SSO:
Here are some of the SSO protocols and standards supported by Okta SSO.
To get a better understanding of SSO integrations, see our SSO authentication guide
The OpenID Connect (OIDC) protocol provides an SSO authentication layer based on the OAuth 2.0 protocol, which uses tokens to secure access. Okta can serve as a service provider (SP) or an identity provider (IdP) for OIDC authentication. Administrators can search for OIDC integrations in the Okta Integration Network (OIN) catalog and add them to the Okta end-user dashboard.
Okta integrates with OIDC apps as an IdP, providing SSO functionality. The workflow is as follows:
Okta also serves as an SP, enabling SSO authentication using other solutions such as the Oracle and Tivoli access managers.
SAML (Security Assertion Markup Language) is an SSO protocol based on XML. Okta can serve as an SP or IdP for SAML authentication. SAML is the most popular protocol for SSO because it reduces an organization’s attack service while improving the end-user experience.
When users sign to applications with SAML, the IdP uses SAML assertions to vouch for the users. Often, users must pass MFA challenges to generate an assertion. SAML assertions are XML files with an authentication, attribution, or authorization statement. These statements provide details to verify users and their access level to the SP. SAML can authorize users for multiple access privileges.
Administrators can search for SAML integrations in the OIN and add them to the end-user dashboard. Okta integrates with SAML 2.0 apps as an IdP providing SSO and MFA functionality. The workflow is as follows:
The XML-based WS-Fed (Web Services Federation) protocol is useful for SSO, especially for legacy Windows applications. Okta serves as the IdP or authorization server, enabling integration with WS-Fed apps. Administrators can search the OIN catalog for WS-Fed integrations and add them to the end-user dashboard.
The workflow looks like this:
SWA (Secure Web Authentication) is an SSO technology for web apps that lack support for federated protocols like SAML, OIDC, and WS-Fed. Admins and end-users can set credentials for an application in Okta, which stores them securely with AES-256 encryption. Once set up, end-users can directly sign in to the app via Okta.
Unless an admin sets SWA credentials, Okta prompts the users to provide a username and password with the first sign-in. After the first successful sign-in, users can automatically sign in to the app by clicking on their dashboard’s integration icon. Administrators can search for SWA integrations in the OIN, add them to an organization, and assign them to end-users to create an SWA app integration icon on their dashboards.
SCIM, or System for Cross-Domain Identity Management, is a standard allowing administrators to manage end-user and group data. Okta integration automates user account and credential management. An admin can set up a SCIM integration to connect directly to the cloud or via an on-premise agent.
SCIM is a protocol for provisioning (exchanging information about the user or group lifecycle). The Okta provisioning workflow best uses create, read, update, and de-provision operations. Okta records the events impacting a user’s lifecycle, modifying the application’s record.
Admins can search for provisioning integrations in the OIN and add them to the end-user dashboard as SCIM integration icons. The workflow is as follows:
Administrators can manage Okta provisioning for cloud apps by selecting SCIM integrations, allowing them to connect to Okta and use SCIM features such as password synchronization and profile attribute mapping.
Frontegg is revolutionizing the user management space with its self-served features that reduce stress on dev and support teams, eliminate in-app friction, raise customer satisfaction levels – all effective revenue boosters. With Frontegg, you can integrate SSO with just a few lines of code before configuring it with the identity provider of your choice. For example, you can choose between SAML and OpenID.
The benefits don’t stop there. There is instant access to Audit Logs, something that also usually requires a lot of development resources. The customizable Login Box builder also takes care of most common front-end needs. All in all, Frontegg ticks all key boxes and provides end to end coverage for users looking to implement string SSO flows in industry-leading times.
Start For Free
