Key Aspects and Constraints of Single Logout (SLO) with Okta
Single Sign-On
Okta Classic Engine
Overview

Single Logout (SLO) is a feature that permits users to sign out from both an app and Okta simultaneously. This article explains the key aspects of SLO with Okta.

Applies To
  • Single Logout (SLO)
  • Identity Provider (IdP)
  • Service Provider (SP)
Solution

Here are key considerations related to SLO with Okta:

  • Okta primarily supports Service Provider-Initiated (SP-Initiated) SLO, where the application initiates the logout process by sending an SLO request to Okta. This is the standard way to begin a logout sequence with Okta.
  • Okta also has functionality to extend the logout to other applications, specifically by using the multiple device SLO feature. Okta can initiate logout requests to other participating applications after receiving the initial SP-initiated logout. For more details, see: Configure Single Logout.
  • Logout requests from the Service Provider (SP) to Okta must be signed and adhere to relevant sections of the Security Assertion Markup Language (SAML) 2.0 specification. 
  • SLO, when properly configured, can facilitate logging out of multiple applications within a user's session. However, it is important to note that this depends on the SLO capabilities of the individual applications and the specific Okta SLO configuration.
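The signing and SAML 2.0 conformance requirement above can be checked on the SP side before a LogoutRequest is sent. The following is an added example, not Okta's code or part of the original article. It assumes the request carries an enveloped XML signature, and the function names, URLs and entity ID are constructed for illustration. It checks structure only and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def lint_logout_request(xml_text, expected_issuer, expected_destination):
    """Return a list of problems in an SP-generated LogoutRequest (empty if none)."""
    # Input is the SP's own outgoing message, not untrusted XML.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        return ["root element is not samlp:LogoutRequest"]
    problems = []
    if root.get("Version") != "2.0":
        problems.append("Version must be 2.0")
    if not root.get("ID"):
        problems.append("missing ID")
    instant = root.get("IssueInstant", "")
    try:
        if not instant.endswith("Z"):
            raise ValueError(instant)
        datetime.fromisoformat(instant[:-1])
    except ValueError:
        problems.append("IssueInstant missing or not a UTC timestamp")
    # A signed message must name the URL it is delivered to.
    if root.get("Destination") != expected_destination:
        problems.append("Destination does not match the IdP SLO URL")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != expected_issuer:
        problems.append("Issuer missing or not the SP entity ID")
    if not any(root.find("saml:" + t, NS) is not None
               for t in ("NameID", "BaseID", "EncryptedID")):
        problems.append("no NameID, BaseID or EncryptedID identifying the user")
    sig = root.find("ds:Signature", NS)
    if sig is None:
        problems.append("unsigned: no ds:Signature child")
    else:
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + (root.get("ID") or ""):
            problems.append("signature Reference does not cover this request's ID")
    return problems

def sample_request(signed):
    """Constructed sample message; the signature value is a placeholder."""
    sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#_req1"/>'
           '</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
           '</ds:Signature>' % NS["ds"]) if signed else ""
    return ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" '
            'Version="2.0" IssueInstant="2024-05-01T12:00:00Z" '
            'Destination="https://idp.example.com/slo">'
            '<saml:Issuer>https://sp.example.com</saml:Issuer>%s'
            '<saml:NameID>user@example.com</saml:NameID>'
            '</samlp:LogoutRequest>' % (NS["samlp"], NS["saml"], sig))
```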

 
