Okta Security Knowledge - Trusted Origins for iFrame Embedding
Last Updated:
Overview
Okta enterprise customers, customers with compliance requirements, and customers who may have taken improper guidance from vendors/partners.
Applies To
- Trusted Origins for iFrame embedding
- Okta Identity Engine (OIE)
Solution
By utilizing Trusted Origins for iFrame embedding, trusted origins can embed Okta sign-in pages and Okta resources. This method offers greater security compared to the iFrame Embedding option in Customizations, which is based on x-frame-options. With the Customizations option, any resource might be embedded into any site. However, with Trusted Origins, it is ensured that only trusted origins can embed the resources.
Related References
- More information on how to enable Trusted Origins for iFrame Embedding.
- To learn more, multiple resources are available at the Okta Support Center.
