0D54z00007x65JICAY | Okta Classic Engine | Authentication | Answered | 2024-04-16T11:47:23.000Z | 2022-08-16T01:13:42.000Z | 2022-08-17T15:40:13.000Z

pi2eg (pi2eg) asked a question.

Prevent Users Logging in to SWA Apps directly (outside of Okta)

Is it possible to prevent someone from logging in to an SWA app directly if the credentials are known?

i.e. someone has a website username and password so they bypass Okta and just go directly to the website and use the credentials to log in.

Secondly, if the passwords are scrambled so that the end user does not know credentials in order to be able to bypass Okta, how do we stop them from initiating a password reset directly via the application?

 


  • paul.stiniguta (Okta, Inc.)

    Hello @pi2eg (pi2eg), thank you for reaching out to our Community!

     

    At this time there is no way for us to block access for SWA applications, as this type of application was created just to have easier access to the website for your end-users and the Plugin is just pushing the credentials.

    For the second part, there is nothing we can do from our side to block users from resetting passwords on a 3rd party application; you need to check if on the application side you have a way to block password resets.

    A way to restrict all of this would be to integrate the application with SAML on the Okta side, and this would be the easy fix for both problems.

     

This question is closed.
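
Since the answer above says Okta cannot block direct logins or application-side password resets for an SWA app, one compensating check is to look for them after the fact. The following is an added example, not part of the original thread and not Okta code: it correlates the application's own login events with Okta app-launch events and reports logins that no launch explains, plus any password reset performed at the application. The record shapes, field names, app name `vendor-portal` and the 60-second window are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data: simplified records, not a real Okta or vendor log format.
OKTA_SSO_EVENTS = [
    {"time": "2022-08-16T09:00:05", "user": "alice@example.com", "app": "vendor-portal"},
    {"time": "2022-08-16T13:30:00", "user": "bob@example.com", "app": "vendor-portal"},
]
APP_EVENTS = [
    {"time": "2022-08-16T09:00:09", "user": "alice@example.com", "action": "login"},
    {"time": "2022-08-16T11:42:17", "user": "alice@example.com", "action": "login"},
    {"time": "2022-08-16T13:29:40", "user": "bob@example.com", "action": "password_reset"},
    {"time": "2022-08-16T13:30:04", "user": "bob@example.com", "action": "login"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def find_bypass_events(okta_events, app_events, app, window_seconds=60):
    """Return (time, user, reason) for app events not explained by an Okta launch."""
    window = timedelta(seconds=window_seconds)
    launches = {}  # user -> launch times for this app that are not yet matched
    for event in okta_events:
        if event["app"] == app:
            launches.setdefault(event["user"].lower(), []).append(_ts(event["time"]))

    findings = []
    for event in sorted(app_events, key=lambda e: _ts(e["time"])):
        user, when = event["user"].lower(), _ts(event["time"])
        if event["action"] == "password_reset":
            # A reset done at the application never passes through Okta.
            findings.append((event["time"], user, "password reset at the app"))
        elif event["action"] == "login":
            times = launches.get(user, [])
            # A plugin-driven login should follow an Okta launch within the window.
            match = next((t for t in times if timedelta(0) <= when - t <= window), None)
            if match is None:
                findings.append((event["time"], user, "login without Okta launch"))
            else:
                times.remove(match)  # one launch explains at most one login
    return findings


if __name__ == "__main__":
    for finding in find_bypass_events(OKTA_SSO_EVENTS, APP_EVENTS, "vendor-portal"):
        print(*finding, sep="  ")
```

Both log sources need synchronized clocks for the window to be meaningful; widen `window_seconds` if the application records logins with a delay.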