Single Sign-On

The Okta app integrations in your org use Single Sign-On (SSO) to provide a seamless authentication experience for end users. After end users sign in to Okta, they can launch any of their assigned app integrations to access external applications and services without re-entering their credentials. For applications that support federated SSO through SAML, OIDC, or any other proprietary authentication protocol, Okta establishes a secure connection with a user's browser and then authenticates the user. With SSO, a central domain performs authentication and then shares the session with other domains. The way a session is shared may differ between the various SSO protocols, but the general concept is the same.

Okta provides SSO access to thousands of supported cloud-based applications through the Okta Integration Network (OIN). The integrations in the OIN can use OpenID Connect (OIDC), SAML, SWA, or proprietary APIs for SSO. Okta maintains all of the SSO protocols and provisioning APIs.

Okta also provides integrations for SSO to on-premises web-based applications. You can integrate on-premises applications using SWA or SAML toolkits. Okta also supports provisioning and deprovisioning users with applications that expose their provisioning APIs publicly.

Okta provides SSO integration with mobile apps whether they are web applications optimized for mobile devices, native iOS apps, or Android apps. Users can access web app integration in the OIN using SSO from any mobile device. Mobile web apps can use industry-standard OIDC, SAML, or Okta SWA technology. For example, Okta can integrate with native applications like Box Mobile using SAML authentication for registration and OAuth for ongoing usage.

Related topics

Active Directory Desktop Single Sign-on

Configure agentless Desktop Single Sign-on