0D54z00009YtzFKCAZOkta Classic EngineSingle Sign-OnAnswered2023-08-17T16:06:11.000Z2023-08-16T09:12:14.000Z2023-08-17T16:06:11.000Z

VitaliyU.77378 (Customer) asked a question.

IdP + SWA apps. How it should work or how to add apps without SSO to OKTA

Hey all,

I'm new to OKTA and trying to understand how identity providers (e.g. social identity Google) work with OKTA access.

I added Google IdP to OKTA, created rule that should redirect SWA app (ex. Slack) to log in with Google, but it does not work as expected. It sends me to Slack login page and that is all. Btw: without this rule it works the same 🙂

I was expecting that apps that do not have SSO or have super expensive SSO could be added to the IdP rule and redirected to the login page (maximum select Google account) without any additional user steps.

Can someone explain how it should work, maybe I was misinformed that IdP works the way I wrote above?


VitaliyU.77378 likes this.
  • Hi @VitaliyU.77378 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    There are two concepts here.  

    1. Setting up an IDP for Okta means that you'll have your users log into OKTA with the IDP's creds instead of Okta username/password. 
    2. SWA works similarly to a password vault, whereby once the app and creds have been set up in Okta, when the user goes to the app site, the creds are injected with the help of the Okta Browser Plugin and login is initiated.  

     

    In essence, the two are completely independent processes. Google grants access to Okta, from there Okta grants access to whatever apps you have integrated via whatever authentication method you have set up for each respective app (SWA, SAML, OIDC).  

     

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Okta Identity Engine (OIE) Ask Me Anything: Get answers from product experts by clicking here.

    Expand Post
    Selected as Best
  • Hi @VitaliyU.77378 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    There are two concepts here.  

    1. Setting up an IDP for Okta means that you'll have your users log into OKTA with the IDP's creds instead of Okta username/password. 
    2. SWA works similarly to a password vault, whereby once the app and creds have been set up in Okta, when the user goes to the app site, the creds are injected with the help of the Okta Browser Plugin and login is initiated.  

     

    In essence, the two are completely independent processes. Google grants access to Okta, from there Okta grants access to whatever apps you have integrated via whatever authentication method you have set up for each respective app (SWA, SAML, OIDC).  

     

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Okta Identity Engine (OIE) Ask Me Anything: Get answers from product experts by clicking here.

    Expand Post
    Selected as Best
This question is closed.

Recommended content

No recommended content found...