Gregor Blaj

Restrict website to Okta SWA

Hi,

I would like a certain website to be accessible only via Okta, so MFA can be enforced. The application is set up to use SWA and it works correctly; the problem is that someone could also browse to the website directly and bypass Okta/MFA. If I restrict the firewall to just Okta's IPs, this doesn't work, as the client is redirected directly to the website after authentication.

Is there a way around this (while still using SWA)?

Thanks for any help.
Jim Knutson (Okta, Inc.)
Gregor, 
Good question. This is where SAML comes in. SAML is smart enough to know that there is an Identity Provider involved, and will defer to the IDP for a valid Okta session. Once you control the app with SAML, you can then enforce any number of policies, including MFA.
Hope that helps!
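
The deferral to the Identity Provider described in the answer, sketched from the application (service provider) side as an added example that is not part of the original thread or Okta's code: a request without a SAML-established session gets no local login form, only a redirect to the IdP carrying a SAML 2.0 AuthnRequest in the HTTP-Redirect binding. The URLs, the `saml_authenticated` session key and the function names are assumptions; the flag is assumed to be set only after a signed assertion has been validated at the ACS endpoint, which is not shown.

```python
import base64
import urllib.parse
import uuid
import zlib
from datetime import datetime, timezone

# Assumed placeholder values; real ones come from the IdP's and the app's SAML metadata.
IDP_SSO_URL = "https://idp.example.com/sso/saml"
SP_ENTITY_ID = "https://app.example.com/saml/metadata"
SP_ACS_URL = "https://app.example.com/saml/acs"

def build_authn_request(request_id, issue_instant):
    """Minimal SAML 2.0 AuthnRequest asking the IdP to authenticate the user."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )

def redirect_binding_url(xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urllib.parse.urlencode(
        {"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": relay_state}
    )
    return f"{IDP_SSO_URL}?{query}"

def handle_request(path, session):
    """Serve only SAML-authenticated sessions; send everyone else to the IdP."""
    if session.get("saml_authenticated"):
        return 200, {}
    request_id = "_" + uuid.uuid4().hex  # xs:ID must not start with a digit
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Remember the ID so the ACS handler can match the response's InResponseTo.
    session["pending_request_id"] = request_id
    # RelayState carries the requested path; on return, accept local paths only.
    xml = build_authn_request(request_id, now)
    return 302, {"Location": redirect_binding_url(xml, path)}

def decode_saml_request(url):
    """Inverse of the binding, useful for inspecting a captured redirect."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15).decode()
```

Because the application holds no password check of its own in this model, browsing to it directly ends at the IdP, where sign-on policy such as MFA is applied.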