Simulate an IdP-initiated flow using the Bookmark App

A service provider-initiated (SP-initiated) flow occurs when an end user attempts to sign in to an external application directly on that application's sign-in website. For example, is the sign-in location for the Box cloud application.

Some external applications only support an SP-initiated flow, but you can use Okta's Bookmark App integration to simulate an Identity Provider-initiated (IdP-initiated) flow to preserve the Okta user experience.

With a configured Bookmark App integration, the end user clicks the assigned tile on their Okta End-User Dashboard and automatically signs in to the external application. Internally, this process uses the Bookmark App integration to open the URL for your domain inside the external application and then calls Okta.

You can customize the Bookmark App integration to display the logo for the external application, so the end user experience is no different from signing in to any external application.


The Bookmark App integration does not support provisioning features.

Task 1 - Configure the external application integration

  1. Add an Okta app integration for the external application with an SP-initiated flow. Select from one of the thousands of OIN applications or create a custom app integration using the App Integration Wizard. See Add existing app integrations or Create custom app integrations. This app integration serves as the back-end connection between Okta and the SP; however, it creates an application icon that you must hide from the end user.
  2. To hide the application icon, enable both options in the Application visibility section when you add or create the app integration:

    This screenshot shows the application visibility options.
    You can also change this visibility setting after you have added the app integration. In the General settings tab for the app integration, click Edit in the App Settings pane.

Task 2 - Configure the Bookmark App integration

  1. Add an Okta Bookmark App integration to display the external application to the end user. In the Admin Console, go to Applications > Applications.
  2. Click Browse App Catalog.
  3. In the Search... field, enter Bookmark App. Click on the app integration result called Bookmark App.
  4. Click Add to create a new Bookmark App instance to your Okta org.
  5. In the General Settings for the Bookmark App, enter the name of the external application and the URL for your domain at the external site. For example,, where atko is the domain of your account.
  6. This is the application icon that end users see, so leave both Application Visibility boxes unchecked:

    Screenshot showing the application label and URL fields that must be populated.

  7. Click Done to create the Bookmark App.
  8. Assign the app integration to the necessary users. See Assign app integrations.

Task 3 - Change the application icon appearance

To make the application icon for the Bookmark App resemble the external application, you can add the logo and description of that app to the Bookmark app. You need to have a PNG, JPG, or GIF image to use as the logo.

  1. After assigning the app integration to your users, click the pencil icon at the top right corner of the star icon to open the Edit Logo dialog:

    Screenshot showing the location of the edit button in the top right of the icon.

  2. In the Edit Logo dialog, you can browse to your local image of the logo and upload it for the end user's application icon:

    Screenshot showing the Edit Logo dialog.

Your end users now have an application icon on their desktop that simulates the Okta IdP-initiated flow into the external application.

Related topics

Assign app integrations

Customize an application logo