Okta Classic Engine | Authentication | Answered | timestamps: 2024-11-21T09:00:21Z, 2022-10-25T18:21:52Z, 2022-11-09T06:27:52Z

xdhc8 (xdhc8) asked a question.

User Impersonation via Proxy Login

Linking my previous question as it falls under the same context:

https://support.okta.com/help/s/question/0D54z00007x5k73CAA/sso-with-google-analytics

Is it possible to have an Okta tile, for example, Google Workspace, where this tile doesn't log you in via SAML SSO using your current Okta user context, but rather logs you in using another user's SAML SSO? The other user wouldn't be an Okta user, rather a separate user in Google Workspace.

I did find a GitHub project which is also on toolkit.okta.com and it's called "Sample architecture on how to implement a 'Proxy Login' function using Okta" https://toolkit.okta.com/apps/oktadelegate/

Would this proxy login allow me to create a solution for this use case?

Essentially we have some service accounts and shared accounts with Google Workspace and we are running into issues with multiple users logging into these accounts and being presented with the Login Challenge from Google, as the account is being logged into from different IP addresses, which triggers the login challenge. There's no way to disable the login challenge; a Google Workspace admin needs to turn off the login challenge for 10 minutes to allow users to log in. There also isn't an API on Google's end to automate disabling the login challenge. However, if we were to authenticate against Google via Okta SAML, the login challenge won't be triggered. We could create 90+ Okta accounts/users and share those credentials with staff, but that seems overly complicated and will cost more as we would need more licenses.

Ideally we would solve this problem with Okta by having a tile that logs you into Google Workspace as that service/shared account using SAML. I know we can use SWA but that just auto fills the username and password, it doesn't stop Google from presenting you with the login challenge.

If Okta cannot solve this problem, we may need to look at either setting up a VPN for all of these users to use when logging into these service accounts, or set up a remote desktop server of some sort that all users will need to connect to in order to log into these shared/service accounts.

  • flaviu.vrinceanu1.5628408972654734E12 (Customer Success Service Delivery)

    Hi @xdhc8 (xdhc8)​,

    Thank you for posting on the Okta community page!

    I have looked over the proxy login functionality but it seems that it will not work with a SAML application because it requires an access_token which is used for OpenID or OAuth 2.0 integrations, and the SAML SSO method does not use this token for authentications.

    Additionally, on the Okta side you cannot configure the SAML application so that a user can access multiple accounts, because once the user accesses the application from Okta, they will be authenticated based on the information configured on the app profile in Okta.

    If you would like to see such functionality you can submit a feature request. The best way to file a feature request would be from the community site.

  • servicea.28287 (Customer)

    @flaviu.vrinceanu1.5628408972654734E12 (Customer Success Service Delivery)​ Could logging in as a user (customer) to check some issues be made easier with the use of this proxy login solution? Basically, we want to check what problem the real customer is experiencing by trying to impersonate him or her. Can this be applied to that need?

This question is closed.