
my24r (my24r) asked a question.
Greetings, I am a project manager for a large Okta SSO with MFA integration project and we have encountered an issue with our non-human unattended system accounts. We have several applications that push and pull data for long periods of time and our engineer is uncertain how to configure Okta so that these accounts can run unattended. Our IT policies do not allow signing in without MFA and SSO and I am looking for a workaround to this issue. To clarify the problem, I have added a story here below.
Application "A" has completed cleaning data and needs to push the data to application "B". App "A" tries to contact app "B" and is asked for credentials. But, since both "A" and "B" are unattended system accounts, they cannot sign in using SSO or MFA and they are limited in login time due to time restriction policies.
If anyone has encountered a similar problem and/or has a possible solution, I would be grateful to hear it.
Thank you kindly,
Julli

Hi @my24r (my24r), Thank you for reaching out to the Okta Community!
I'm not seeing any way around this, at least not from the Okta side and without extensive custom deployment work.
When it comes to account federation for SSO via, let's say, SAML, it's typically all or nothing and if your policies do not allow exceptions for certain users/groups to the MFA use (which is understandable).
Some apps allow for SSO bypass in certain situations (for example Salesforce/Google that I've worked with) but most do not, and even so, this would not be managed from the Okta side.
We'll leave this question open for Community input in case someone found a more elegant solution to this predicament.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!