
5acjt (5acjt) asked a question.
Hello there.
I want to find out the general workflow for using shared logins for services like Instagram, Facebook and Twitter.
Our company has a login for each of these social platforms and we have a social media team here but we don't want to give out the credentials as every time a team member leaves we have to change the password.
Using OKTA with SWA works perfectly if 2FA is turned off for Instagram, Facebook and Twitter.
My question is: is turning 2FA off for Instagram, Facebook and Twitter a security risk when using OKTA SWA?
What is the alternative? I don't want to add every single user's device to the 2FA so that every time one of them tries to log in they all get pinged with a code.
There must be a workflow to do this?
Any ideas would be amazing. Thank you.

Hello @5acjt (5acjt) Thank you for reaching out to our Community!
Using a SWA on Okta's end, we do not have a way to enforce 2FA because the application is not bound through any means with Okta. However, technically, if the users do not know the credentials, you can put in place a policy to use MFA. Do keep in mind that if one of the users knows the username and password, then they will be able to bypass that policy.
If you want to secure these accounts, you can try to make use of SAML/OIDC to sign in, or the alternative would be to set up 2FA on that end.
Hope this helps!

Thank you for your reply 🙂
The issue is that Facebook, Twitter, Instagram and YouTube don't support SAML/OIDC. As far as I know, only SWA.
I found a way of having 2FA for one account on multiple devices by saving the QR code and having every user who wants to log in add that account on his authenticator app.
The issue now is that when users log in using SWA on Okta, the browser (Chrome/Safari) asks if they want to save the account details, and if they do this they can find out the password and the whole point of Okta becomes redundant for us.
What are my options here?
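
The shared-QR-code approach from the post above, as an added example that is not part of the original thread: the QR code carries an `otpauth://` URI with the TOTP secret, so every device that scanned it (including one kept by someone who has left the team) produces valid codes until the secret is re-enrolled on the account. The URIs, account label and secrets are constructed samples, and HMAC-SHA1 with a 30-second step and 6 digits is assumed.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

def secret_from_otpauth(uri):
    """Extract the raw shared secret from an otpauth:// URI (the QR code content)."""
    b32 = parse_qs(urlparse(uri).query)["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)              # restore stripped base32 padding
    return base64.b32decode(b32)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def service_accepts(enrolled_secret, code, now, window=1, step=30):
    """Model of the service side: accept codes from adjacent time steps."""
    return any(
        hmac.compare_digest(code, totp(enrolled_secret, now + i * step, step))
        for i in range(-window, window + 1)
    )

def offboarding_check(saved_uri, rotated_uri, now):
    """Return (leaver's code valid before rotation, valid after rotation)."""
    leaver_secret = secret_from_otpauth(saved_uri)   # copy kept on the leaver's phone
    code = totp(leaver_secret, now)
    before = service_accepts(secret_from_otpauth(saved_uri), code, now)
    after = service_accepts(secret_from_otpauth(rotated_uri), code, now)
    return before, after

# Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
SAVED_QR = ("otpauth://totp/Example:social-team"
            "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")
# Constructed sample: the secret after 2FA is re-enrolled on the account.
ROTATED_QR = ("otpauth://totp/Example:social-team?secret="
              + base64.b32encode(b"constructed-rotated!").decode())

if __name__ == "__main__":
    now = 1_700_000_000                       # fixed timestamp so output is repeatable
    secret = secret_from_otpauth(SAVED_QR)
    print("phone A:", totp(secret, now), "phone B:", totp(secret, now))
    print("leaver valid (before, after) rotation:",
          offboarding_check(SAVED_QR, ROTATED_QR, now))
```

With a shared seed, offboarding means re-enrolling 2FA on the account and redistributing the new QR code, in addition to changing the password.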

So long as you are using strong passwords and MFA to log in to Okta, I don't believe you're compromising safety by turning off 2FA on the apps; it's basically already behind two-factor authentication. If you feel it's still risky, you might see if you can set up 2FA to be sent to an email list that the social media team has access to.