ChildrensI.01995 (Customer) asked a question.
We are new to using a SSO. I have setup our account and added our external resources. The resources that have the SAML 2.0 option are being utilized.
The confusion is how to setup the other resources that require SWA without our own Active Directory. We are trying to configure those resources with SWA using the Okta Universal Directory.
How does this work? After installing the browser plug-in I go to one of the resources and the plug-in ask if I want to save the login to Okta. If we reset our Okta password will it change the password to all resources connected by SWA? Or is it only saving the current password? Our objective is to have users change their Okta password and then sync the password change to all their connected resources. Are we doing this correctly?
Ciprian from Okta Support here,
In order to get a better understanding about SWA apps and SSO I would suggest to review our documentation.
If you install the browser plugin and reset a user's password it will only reset the current password for 1 user and not for all the resources.
SWA was created for apps that do not support federated SSO. When you enable SWA for an app, end users see a link next to their app icon on their My Applications page. Selecting the link enables them to set up and update their credentials for that app. Okta stores the end user's credentials in an encrypted format using strong encryption combined with a customer-specific private key. When end users click an application icon, Okta securely posts their credentials to the app login page over SSL and the user is automatically signed in.
By configuring users' sign-in options, you can make their SWA credentials match their Okta credentials so additional sign-ins are not required after you have signed into Okta.
Ref link = > https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Overview_of_Managing_Apps_and_SSO.htm