Okta Basics Curriculum: Managed Application Single Sign-On (SSO)
Today we start digging into Okta’s capabilities – we’re going to walk through setting up integrations to allow users access to applications using single sign-on.
Okta offers three different ways to set up SSO authentication:
- Secure Web Authentication (SWA) – Okta uses a browser plugin to securely pass credentials into a web form on behalf of the authenticated user
- Security Assertion Markup Language (SAML) – XML-based standard for exchanging authentication and authorization data – SAML allows Okta to create a secure connection to an application or service provider and essentially builds a bridge of trust between the auth provider and the service provider (this is commonly used for SSO whether you’re using Okta or another identity tool)
- WS-Federation – Commonly used with Microsoft applications and works the same general way as SAML does
SAML is a BIG topic that deserves more research if you’re interested – Duo has a fun blog post here that covers the essentials that you need to know.
Today we get to dive into the Okta Integration Network (OIN) and start choosing some applications that we want to integrate into our Okta environment. You can find this in your dashboard via Applications on the sidebar and then clicking ‘Add Application’.
As you’ll see, each application has details under the logo about what integration options are available, and you can dig into each app to see more information about the integration capabilities offered.
You’ll also see integration properties in the OIN, which give you information about who built the integration – some are Okta-built, some are community-built.
So how do we configure an application using SAML? So glad you asked.
Select the app you want to configure for SSO, and then hit the blue Add button to kick the process off. Depending on the application, you’ll be presented with a list of general settings and options to fill out before you can finalize the integration.
Some applications will offer different options for setting up the integration – Salesforce, as an example, offers SWA and SAML, and Okta admins can decide which works best for their organization.
It’s important to follow the service provider setup instructions that are linked – every app is going to have a different process for setting up SAML and you’ll want to make sure that everything is copy-pasted correctly for the integration to work.
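One way to check the copy-paste step, as an added example that is not from the original post or from Okta: this Python script compares the values pasted into a service provider against the identity provider's SAML metadata XML. The metadata, URLs and certificate bytes are constructed placeholders, and the `sp_config` field names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder URLs and placeholder bytes, not a real certificate.
CERT_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml/constructed-app">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/constructed-app/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def cert_fingerprint(pem_or_b64):
    """SHA-256 over the decoded certificate bytes, ignoring PEM armor and line wraps."""
    body = "".join(line.strip() for line in pem_or_b64.splitlines()
                   if "-----" not in line)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def idp_values(metadata_xml):
    """Extract the three values an SP setup page usually asks for."""
    # Assumes metadata downloaded from your own IdP admin console, not untrusted XML.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    return {
        "issuer": root.get("entityID"),
        "sso_url": idp.find("md:SingleSignOnService", NS).get("Location"),
        "cert_sha256": cert_fingerprint(idp.find(".//ds:X509Certificate", NS).text),
    }


def mismatches(sp_config, metadata_xml):
    """Return names of SP-side fields that differ from the IdP metadata (exact match)."""
    want = idp_values(metadata_xml)
    have = {"issuer": sp_config["issuer"], "sso_url": sp_config["sso_url"],
            "cert_sha256": cert_fingerprint(sp_config["cert_pem"])}
    return sorted(k for k in want if want[k] != have[k])
```

Comparing the certificate by fingerprint means PEM headers and line wrapping do not cause false alarms, while a stray trailing slash in the sign-on URL is still reported.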
How do we configure an application using SWA?
SWA integrations are typically used to connect applications such as LinkedIn or Facebook. The beginning of the process works the same way – search for the application or website in the OIN and follow the steps. If you’re using different accounts for different teams, remember to add a clear application label so you can tell them apart (Marketing vs Sales etc).
SWA integrations need the Okta browser plugin to be installed on the user’s computer – that linked page has a lot of information about installation, security, and use cases for the plugin.
Some of these applications will allow you to set a shared username and password – this is useful for shared access to a corporate social media account or things like that.
Some applications will also provide the option to set account mapping – Here’s what the Facebook setup looks like:
Once the integration is set up and configured, you can assign these SWA integrated apps to certain users or groups, and they will see them in their Okta profile once they log in.