Glossary

    A
  • ACS Endpoint – Assertion Consumer Service URL – often referred to simply as the SP login URL. This is the endpoint provided by the SP where SAML responses are posted. The SP needs to provide this information to the IdP.
  • An abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page.
  • A software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.
  • An abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in.
  • B
  • Once SAML is enabled, users and admins cannot log in via username/password using the Service Provider’s login page. All user logins will be done through SAML via the Identity Provider. In most cases, Service Providers have backdoor URLs which users can use if they need to log in using their username/password.
  • C
  • The "buttons" that appear on an end user's Home page and represent each application they wish to access through Okta. Clicking the chiclet allows the end user to instantly sign in and authenticate themselves into their chosen app.
  • Essentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin.
  • Cloud computing refers to applications and services offered over the Internet. These services are offered from data centers all over the world, which are referred to collectively as "the cloud."
  • Each app found on the Okta Applications Page has either an Okta Verified, Community Created, or Community Verified designation. Community Created means that the app was created by the Okta community, but has not yet been tested and verified by Okta.
  • Each app found on the Okta Applications Page has either an Okta Verified, Community Created, or Community Verified designation. Community Verified indicates that the app was created by the community and has shown some evidence of quality, such as active usage or multiple members of the community using it. However, Okta has not tested it and does not support it in any way.
  • D
  • Allows users to directly access parts of an application. If supported, users can navigate to a deep link and authenticate to an application using SP-initiated SAML SSO. After authentication, the user will be redirected to a specific page in the SP instead of the homepage.
  • A domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https).
  • In the context of Okta provisioning, a downstream app is one that is receiving data from Okta.
  • E
  • In Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control.
  • F
  • Users will be forced to re-authenticate through their Identity Provider when trying to access an app. Users will be required to re-authenticate even if they have an active session with the IdP already. For Okta, this means that it will also re-evaluate app sign-on policy if it was previously configured.
  • G
  • Groups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.
  • I
  • An acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta.
  • Identity Provider Initiated (IDP-initiated) SSO - SAML authentication is initiated by the Identity Provider (IdP). In this flow, the Identity Provider initiates a SAML Response which is re-directed to the Service Provider to assert the user’s identity. In Okta, this is triggered after a user clicks the chiclet for a SAML application.
  • An acronym for independent software vendors. Okta partners with various ISVs (usually producing enterprise applications) to integrate on-premises, in the cloud, or native-to-mobile devices with Okta.
  • J
  • Users are created/updated on the fly using the SAML attributes sent as part of the SAML response coming from the Identity Provider. A user is created during initial login to the Service Provider and updated during subsequent logins. Turning on JIT Provisioning is normally a configuration value in the Service Provider.
  • M
  • This is the central home page for Okta users. It is the first page that appears after signing into Okta each day, and displays the chiclets that represent an end user’s applications. This page will usually have a URL that looks something like acme.okta.com/app/UserHome.
  • O
  • An acronym for the Okta Integration Network. The OIN is comprised of thousands of public, pre-integrated business and consumer applications. As an on-demand service, OIN integrations are continuously validated, always up to date, and constantly growing both in number and capability. Okta performs a single integration with an ISV or SP, providing thousands of end users with point-and-click customization for their orgs.
  • Each integration found in the Okta Integration Network is either Okta Verified, Community Created, or Community Verified. Integrations can receive Okta Verification status in one of the following ways: 1) If the integration is Okta-built and is tested and verified by Okta. 2) If the integration is ISV-built (partner-built) and tested by Okta, then verified by a customer in production.
  • An acronym for Okta Mobility Management. OMM enables you to manage your users' mobile devices, applications, and data. Your users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Expensify. As an administrator, you can remove managed apps and associated data from users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps. See Configuring Okta Mobility Management for more information.
  • The Okta container that represents a real-world organization.
  • An acronym of Organizational Unit. Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units. It is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority.
  • P
  • Partner-Built Provisioning: The Provisioning features of some OIN apps are built by a third party, typically the vendor of the app product or service. These features are Okta Verified through a rigorous Okta review process. Partner-Built EA: Partner-Built EA application features have been verified and tested by Okta but may not have been deployed or used by a customer in an Okta production environment. We recommend that you fully test these integrations for your own provisioning use cases before deploying in production for your end users. Okta Verified: A Partner-Built EA application becomes Okta Verified after a customer has verified the integration in production.
  • A profile master is an application (usually a directory service such as Active Directory, or human capital management system such as Workday) that acts as a source of truth for user profile attributes. A user can only be mastered by a single application or directory at any one time. For more details, see Using the Okta People Page.
  • S
  • An acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP.
  • Ability to import additional attributes to Okta.
  • A scope is an indication by the client that it wants to access some resource.
  • A SAML Service Provider sends a logout request to the Identity Provider, which closes the current session on both the Identity Provider and the Service Provider. Okta only supports SP-initiated logout.
  • An acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process.
  • Service Provider Initiated (SP-initiated) SSO - SAML authentication is initiated by the Service Provider (SP). This is triggered when the end user tries to access a resource in the Service Provider or log in directly to the Service Provider.
  • An acronym for single sign-on. In an SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign-in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones.
  • An acronym for Secure Web Authentication. SWA is an SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign in to an SWA app from their homepage, they see a pop-up message asking if they were able to sign in successfully.
  • U
  • In Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control.