Admins may require specific users or groups to authenticate via an External Identity Provider (IdP) (such as Azure AD or Google), specifically when accessing the Okta Admin Console. However, current system limitations affect how Routing Rules can be targeted toward this specific application.
- Okta Admin Console
- External Identity Provider (IdP)
- Routing Rules
- Single Sign-On (SSO)
- Management & Monitoring
- API Access Management
This behavior is by design. The Okta Admin Console is classified as a protected system-level application rather than a standard user application. To prevent potential "lockout" scenarios where an Admin might be unable to access the console due to an external IdP failure, the Admin Console is excluded from the application-specific selection list in IdP Routing Rules.
When setting up an IdP Routing Rule, the Okta Admin Console is not available for selection in the User is accessing section. Therefore, a rule cannot be scoped exclusively to the Admin Console application.
To submit this as a feature request for consideration in the Okta Product Roadmap, see the article below for more information about Okta Ideas:
