Gregor Blaj 

I would like a certain website to be accessible only via Okta, so MFA can be enforced. The application is set up to use SWA and it works correctly; the problem is that someone could also browse to the website directly and bypass Okta/MFA. If I restrict the firewall to just Okta's IPs, this doesn't work as the client is redirected directly to the website after authentication.

Is there a way around this (while still using SWA)?

Thanks for any help.

Jim Knutson (Okta, Inc.)

Good question. This is where SAML comes in. SAML is smart enough to know that there is an Identity Provider involved, and will defer to the IDP for a valid Okta session. Once you control the app with SAML, you can then enforce any number of policies, including MFA.
Hope that helps!
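
An added example, not part of the original thread and not Okta's code: a sketch of the service-provider side of the behaviour described in the answer, where a direct hit on the site without a SAML-established session is redirected to the IdP with an AuthnRequest (SAML 2.0 HTTP-Redirect binding). The URLs, the `saml_authenticated` session key and the function names are assumptions, and the step that validates the signed assertion at the ACS endpoint is not shown.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoints (assumptions, not values from the thread).
IDP_SSO_URL = "https://idp.example.com/app/sso/saml"
SP_ENTITY_ID = "https://app.example.com/saml/metadata"
SP_ACS_URL = "https://app.example.com/saml/acs"


def build_authn_request_url(relay_state):
    """Build the IdP redirect URL carrying a SAML 2.0 AuthnRequest."""
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"


def handle_request(path, session):
    """Gate every request: no SAML-established session means go to the IdP.

    'saml_authenticated' is a hypothetical flag that the ACS handler would set
    only after verifying the assertion's signature, audience and validity window.
    """
    if session.get("saml_authenticated"):
        return 200, None
    return 302, build_authn_request_url(relay_state=path)


def decode_saml_request(url):
    """Reverse the redirect-binding encoding to inspect the AuthnRequest XML."""
    encoded = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(encoded), -15).decode()
```

Because the application itself refuses any request that lacks a session created from a validated assertion, browsing to it directly ends at the IdP's sign-on policy rather than at the application's own login form.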