Rod Payton

Using SWA with Groups

We built a SWA app integration months ago and are now finally going live. However, we now discover that SWA apps cannot use Groups to assign users? Furthermore, in using the SWA app with People, it wants us to enter the Password twice, which the second time must (apparently) be done manually!! We are successfully pulling the password once through our AD integration, so why a manual second step? Any way to populate it with the AD pull, like using a mapping?

Is there a solution/workaround?
Preferred - a way to use Groups for our SWA app (don't get the logic disallowing this)
Secondary - a way to eliminate the second password requirement - or a way to pre-populate the second password (what a nuisance BTW)

Background - the SWA app is pointing to a Citrix XenApp site which authenticates to a vendor's AD which we have NO control over and they are not interested in adding SAML at this time. We go live this week! Either I spend my days adding the second Password to the SWA People or I get some help, hoping for the latter :)
Kevin Turner (Okta, Inc.)
To fully answer I would need to know what credentials are being used to authenticate the user to the application when the application is wanting to be applied by a group assignment. One option that you might be able to use with group assignment is the 4th SWA option "Administrator sets username, password is the same as user's Okta password".

In this use case the username and password can be automatically assigned to the SWA application without the need to apply a second password that you seem to be having to do.
Rod Payton
Further detail - The SWA app is Citrix NetScaler Web login, so I am passing the Login and Password. Unfortunately the NetScaler uses the vendor's Active Directory which I have no access to or control over. The vendor simply gives me the user credentials, about 250 users! And no, the vendor is not willing to do SAML at this time. I have stored the login/password credentials in my AD where Okta authenticates the user. I mapped the extended AD Attributes with these values to be passed as Login/Password. So upon successful authentication against MY AD, I pass the attribute values to the Citrix Web Interface which authenticates the user against the Vendor's AD.