OAG: Unable to SSO in an iframe when Okta Session is Valid
Jun 30, 2025
Access Gateway
Okta Classic Engine
Okta Identity Engine
Overview
Users are unable to authenticate inside an iframe with a valid Okta session. The Okta login page gets populated in the iframe rather than a successful authentication to the application. Trusted origin for iframe embedding has already been enabled.
Applies To
- Okta Access Gateway
- Application with iFrames
Cause
Third-party cookies are blocked in the browser. Because of this, existing Okta session cookies are not sent with SAML requests through iframe.
Solution
Allow third-party cookies in the browser.
