Okta Classic Engine | Single Sign-On | Answered | 2024-04-02T14:46:10.000Z | 2024-04-09T13:25:26.000Z

MatthewH.10249 (State of Iowa) asked a question.

Should we create Bookmark Apps with "Everyone" group to point at SAML Apps using Federation Broker Mode if we want an Okta Dashboard app to show up?

It appears that a limitation of Federation Broker Mode is that apps will not display on the Okta Dashboard. If we wanted an app to show up yet still leverage the benefits of Federation Broker Mode, should we create a Bookmark app and assign it to the "Everyone" group, or does this sort of defeat the purpose of using Federation Broker Mode?

 

Federation Broker Mode known limitations:

https://help.okta.com/en-us/content/topics/apps/apps-fbm-known-issues.htm

  • Hi @MatthewH.10249 (State of Iowa), thank you for reaching out to the Okta Community!

    The Bookmark app approach is recommended for anything that does not support the IDP initiated flow, but where you would still like users to have a dedicated app icon on their Dashboard.

    I generally discourage the use of the "Everyone" group for any app assignments as you cannot manage user membership there and it causes issues when you have to troubleshoot assignments. You can set up a new dedicated group and leverage Group Rules to populate it with the required users.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

    Hope my answer helps!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    • MatthewH.10249 (State of Iowa)

      Mihai, thanks for the feedback. To be clear, the current SAML app I'm referring to does allow for IDP initiated flow, but because of the limitation of "Federation Broker Mode" where apps do not show on the Okta Dashboard, I'm looking for the best option to have a way users can launch the app from the Okta Dashboard yet still leverage the "Federation Broker Mode". My only idea was to create a second app of type Bookmark that would be assigned to the "Everyone" group, as users will be using self-service registration and we don't want to manually assign users. Any major downsides of doing what I'm suggesting, or are there better options?

      Selected as Best
      • I've been looking into this and unfortunately there are not better or best practices to share for this use case.

        For now, at least, you are on the right track.

        Regards.

This question is closed.