6c61m (6c61m) asked a question.
How do I handle apps which don't support Okta SSO, but do support "Sign in with Google"
I am adding GSuite to Okta and it seems to work well. However we have other apps in the company such as https://organimi.com which traditionally our employees have just used the "Sign in with Google" feature. Organimi does not support Okta however. With G Suite connected to Okta, clicking "Sign in with Google" works if I am already signed into G suite. However, if I am not signed into G Suite, it brings up the Google username and password. How should we handle these kinds of apps? The one option I can think of is to set up Okta to use Google as the identity provider and then at least both Okta and Organimi would use the same password. Is there a better solution?
Using the Okta plugin is an option if the app you mentioned doesn't support SAML or OIDC - https://support.okta.com/help/s/article/What-is-Secure-Web-Authentication-SWA only thing is when the password expires in the service provider it would need to be re-entered again by the end user.
The IdP routing rules like you mentioned is probably a better option - https://help.okta.com/en/prod/Content/Topics/Security/Identity_Provider_Discovery.htm
The problem with SWA is by hooking up GSuite to Okta, we are removing the need for users to use a google password. But with organimi and other similar apps they still need a google password.
Hi Jay, I'm pretty sure users can still sign in to apps using Google even with Google federated to Okta. If they do not have an active Google session, they should get redirected to Okta for auth (at the google login), and then sent back through the app flow.
Is it possible you are a super admin in your Google domain. If I recall, admins still have to login with credentials, which might explain why you are getting prompted when you do not have an active session. https://support.google.com/a/answer/6341409?hl=en&ref_topic=7556907
Yeah, that was my hope, so I had a co-worker ,who is not a super admin, try it and the same behavior happened. Google did not forward onto Okta in the specific case that a third party app was logging in via a Google account. It did forward onto Okta when logging to apps.
After several false starts, I found this to help me set up Google as an Identity provider:
https://www.oomphinc.com/insights/add-google-identity-provider-with-oktas-sso/