Our users are from various other organizations, so they can't experience true SSO from their Windows PCs. What options do they have to log into the apps that we make available to them? Do they have to first go to the Okta portal and log in, and then select an app? Or can they go directly to an app's URL and enter their credentials? I am guessing that the latter won't work unless the app has a connection to our AD (which it doesn't, hence the need for Okta).
Hi Lauri, users can log into apps using two types of flows known as Identity Provider login and Service Provider login. Identity Provider (IdP) login is when a user logs into Okta first and clicks on the app chiclet which authenticates/redirects the user to the application. The second flow is called a Service Provider (SP) login. This is where the user accesses the application directly outside of Okta. The Service Provider redirects the user to Okta for authentication to the application. For example, an SP flow would occur if a user accesses the application's URL directly. Once the user enters his or her username, the SP will redirect the user to Okta and Okta will send the authentication to the SP and allow the user to log in. Okta can connect to your AD and become the link between the application and your AD. Let me know if that answers your question or if you have any other questions I can answer for you.
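The two flows described in the reply above look different from the application's side. The sketch below is an added example, not part of the original reply and not Okta's code. It assumes the app federates over SAML 2.0 (the thread does not name a protocol), and `ServiceProvider`, `make_response` and `demo` are hypothetical names.

```python
import secrets
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class ServiceProvider:
    """Toy SP that remembers which logins it started itself (hypothetical)."""

    def __init__(self, allow_idp_initiated):
        self.allow_idp_initiated = allow_idp_initiated
        self.pending = set()  # IDs of AuthnRequests sent and not yet answered

    def start_login(self):
        """SP login: user opened the app URL, SP redirects to the IdP."""
        request_id = "_" + secrets.token_hex(16)
        self.pending.add(request_id)
        return request_id  # carried as the AuthnRequest's ID attribute

    def classify(self, response_xml):
        """Decide which flow produced a response. Signature, audience and
        validity-window checks are not shown and must pass before this."""
        root = ET.fromstring(response_xml)
        if root.tag != f"{{{SAMLP}}}Response":
            return "reject: not a SAML Response"
        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            # No matching request: the user started at the IdP portal.
            if self.allow_idp_initiated:
                return "idp-initiated"
            return "reject: unsolicited response not allowed"
        if in_response_to in self.pending:
            self.pending.discard(in_response_to)  # each request ID is one-time
            return "sp-initiated"
        return "reject: unknown or replayed InResponseTo"

def make_response(in_response_to=None):
    """Constructed, unsigned sample of what the IdP posts back to the SP."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'

def demo():
    sp = ServiceProvider(allow_idp_initiated=True)
    rid = sp.start_login()
    return [
        sp.classify(make_response(rid)),  # answer to the SP's own request
        sp.classify(make_response(rid)),  # same response presented again
        sp.classify(make_response()),     # user clicked the app in the portal
    ]

if __name__ == "__main__":
    print(demo())
```

A production SP would use a maintained SAML library that validates the XML signature before any of these fields are trusted.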