<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Configure Okta Org2Org SWA Applications for Password-First and Identifier-First Login Flows
Mar 13, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Overview

This article provides instructions for configuring an Okta Org2Org application using Secure Web Authentication (SWA) for an Okta tenant. By creating an SWA application, one can seamlessly authenticate into another Okta tenant by simply launching an application chiclet/tile. The Okta Browser Plugin automatically populates the Okta credentials (Username and Password).

The steps differ depending on whether the target tenant uses a Password-first or Identifier-first login flow. The Okta Integration Network (OIN) provides a predefined application for the Password-first flow.

Applies To
  • Okta Org2Org
  • Secure Web Authentication (SWA)
  • Okta Browser Plugin
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
Solution

The Okta Browser Plugin must be installed and authenticated for SWA applications to function correctly.

Password-First Login Flow (Username and Password on the same page)

This flow uses the predefined OIN application.

  1. Navigate to the Admin Console > Applications > Applications.
  2. Select Browse App Catalog.
  3. Search for and select the Okta Org2Org application.
  4. Select Add integration.
  5. In the Base URL field, enter the login URL of the target Okta tenant.
  6. Under Sign on methods, select the Secure Web Authentication option.


Identifier-First Login Flow (Username on first page, Password on second page)

This flow uses a template application.

  1. Navigate to the Admin Console > Applications > Applications.
  2. Select Browse App Catalog.
  3. Search for and select the Template Two Page Plugin App.
  4. Select Add integration.
  5. Configure the application with the following settings:
    • Application label: Enter a descriptive name, such as "Org2Org Two Page Template Plugin app".
    • Login URL: https://<subdomain>.okta.com
    • Redirect URL: https://<subdomain>.okta.com
    • Password page URL: https://<subdomain>.okta.com
    • Username field: input[autocomplete=username]
    • Next button: input[data-type=save]
    • Password field: input[type=password]
    • Submit button: input[data-type=save]
  6. If the Okta plugin does not inject the credentials after configuration, modify the Login URL by appending /login/default to the end (for example, https://<subdomain>.okta.com/login/default).

Related References

Recommended content

Still looking for help?
Loading
Configure Okta Org2Org SWA Applications for Password-First and Identifier-First Login Flows