Okta Terminology Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Terminology
Published: Jan 9, 2015   -   Updated: Jun 22, 2018


A software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.



An abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in.


An abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisiong of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button (shown below) on the upper right side of the My Applications page.



The "buttons" that appear on an end user's Home page and represent each application they wish to access through Okta. Clicking the chiclet allows the end user to instantly sign in and authenticate themselves into their chosen app.



Essentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. 

Community Created

Each app found on the Okta Applications Page has either an Okta Verified, Community Created, or Community Verified designation. Community Created means that the app was created by the Okta community, but has not yet been tested and verified by Okta.

Community Verified

Each app found in the Okta Applications Page page has either an Okta Verified, Community Created, or Community Verified designation. Community Verified indicates that the app was created by the community and has shown some evidence of quality, such as active usage or multiple members of the community using it. However, Okta has not tested it and does not support it in anyway.

Cloud (computing)

Cloud computing refers to applications and services offered over the Internet. These services are offered from data centers all over the world, which are referred to collectively as "the cloud."

Downstream Application

In the context of Okta provisioning, a downstream app is one that is receiving data from Okta.

End Users

In Okta literature, we refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control.


Groups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.


An acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta.


An acronym for independent software vendors. Okta partners with various ISVs (usually producing enterprise applications) to integrate on-premises, in the cloud, or native-to-mobile devices with Okta.

My Applications Page

This is the central home page for Okta users. It is the first page that appears after signing into Okta each day, and displays the chiclets that represent an end user’s applications.This page will usually have a URL that looks something like acme.okta.com/app/UserHome.

For admins, clicking the My Applications button (shown below) takes them from the Administrator Dashboard to their own apps.



An acronym for the Okta Application Network. The OAN is comprised of thousands of public, pre-integrated business and consumer applications. As an on-demand service, OAN integrations are continuously validated, always up to date, and constantly growing both in number and capability. Okta performs a single integration with an ISV or SP, providing thousands of end users with point-and-click customization for their orgs.


An acronym for Okta Mobility Management. OMM enables you to manage your users' mobile devices, applications, and data. Your users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Expensify. As an administrator, you can remove managed apps and associated data from users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps. See Configuring Okta Mobility Management for more information.

Okta Verified

Each app found in the Okta Applications page has either an Okta Verified, Community Created, or Community Verified designation. Okta Verified indicates that the app was created either from the OAN or by Okta community users, then tested and verified by Okta.


An abbreviation of organization, but can also be thought of as a company. A company that uses Okta as their SSO portal is generally referred to as an org. As an administrator, you decide how Okta should be displayed and/or integrated with your org.


An acronym of Organizational Unit. Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units.  It is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority.

Partner-Built Provisioning

The provisioning integration of some OAN apps are built by a partner, typically the ISV of the integrated product/service. This means that the partner decided what specific integration features to include and wrote the documentation. The integration was then Okta Verified through a rigorous review process. 

Profile Master

A profile master is an application (a directory service like Active Directory or an HR management software such as Workday) that can act as the “source of truth” for user identities. If more than one profile master exists on the Profile Masters page, they can be prioritized so that end users can be mastered by different systems, based on their assignments. There can only be one profile master that masters a user’s entire profile. For more details, see People.

When users are mastered by attribute, we call this attribute-level mastery (ALM). ALM delivers finer grain control over how profiles are mastered by allowing admins to specify different profile masters for individual attributes. Profile mastering only applies to Okta user profiles, not app user profiles. For more details, see Attribute Level Mastering.


An acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP.

Here's how SAML works through Okta:

  • SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user.
  • IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on a chiclet, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated.


An acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process.


An acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones.


An acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully.


In Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. I.e., those who use Okta chiclets to access their apps, but have no administrative control.