Enable SAML or OIDC authentication for supported apps

SAML and OIDC are authentication protocols that reduce reliance on password-based authentication.

SAML: An acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta:

SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user.

IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated.

OIDC: OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID

For more information, see Okta Applications.

 

HealthInsight: Why is this task recommended?


This is a HealthInsight security task. For more security recommendations from Okta, see HealthInsight.

Leverage SAML and OIDC authentication protocols for supported apps in order to reduce reliance on password-based authentication.

Security impact: High

End-user impact: None

Okta recommends: Enable SAML or OIDC and disable SWA for applications when possible.

 

End-user experience and impact


When signing in to their org, end users will be prompted to enroll in required factors and may enroll in any factors set to optional. Factors that have been disabled are not visible to end users.

Org: The Okta container that represents a real-world organization.

End users: In Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using apps to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control.

 

Procedure


Admin: An abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page.

To view a list of SAML-capable apps:

  1. From the admin console, click Reports > Reports.
  2. Under Application Usage, click SAML Capable Apps.
  3. Generate a report to see a list of available apps that can be converted to SAML.
  4. To convert an app to be SAML or OIDC capable, click Convert to SAML.

    Generate a report of SAML-capable apps from the admin console.

  5. Click Edit.
  6. Change the SSO method to SAML or OIDC and follow the on-screen instructions to convert your app successfully.
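The SAML Capable Apps report is generated in the admin console, but the same audit can be scripted against the Okta Apps API, which reports each app's sign-on mode. The example below is added here and is not Okta's code: it classifies a constructed sample of app records (the field names and signOnMode values follow the Apps API; the records themselves are made up) and lists the active SWA-style apps that are candidates for conversion to SAML or OIDC.

```python
import json
from collections import Counter

# Okta Apps API signOnMode values (GET /api/v1/apps). Federated modes delegate
# authentication to Okta as the IdP; password modes store or replay a password
# on the user's behalf (SWA-style) and are what this page recommends converting.
FEDERATED_MODES = {"SAML_2_0", "OPENID_CONNECT", "SAML_1_1", "WS_FEDERATION"}
PASSWORD_MODES = {"BROWSER_PLUGIN", "AUTO_LOGIN", "SECURE_PASSWORD_STORE", "BASIC_AUTH"}

# Constructed sample of what the Apps API returns; not real org data.
SAMPLE_APPS_JSON = json.dumps([
    {"id": "0oa1", "label": "HR Portal", "status": "ACTIVE", "signOnMode": "SAML_2_0"},
    {"id": "0oa2", "label": "Legacy Wiki", "status": "ACTIVE", "signOnMode": "BROWSER_PLUGIN"},
    {"id": "0oa3", "label": "Expense Tool", "status": "ACTIVE", "signOnMode": "OPENID_CONNECT"},
    {"id": "0oa4", "label": "Old CRM", "status": "INACTIVE", "signOnMode": "BROWSER_PLUGIN"},
    {"id": "0oa5", "label": "Status Page", "status": "ACTIVE", "signOnMode": "BOOKMARK"},
    {"id": "0oa6", "label": "Ticketing", "status": "ACTIVE", "signOnMode": "AUTO_LOGIN"},
])


def classify_app(app: dict) -> str:
    """Return 'federated', 'password', or 'other' for one app record."""
    mode = app.get("signOnMode", "")
    if mode in FEDERATED_MODES:
        return "federated"
    if mode in PASSWORD_MODES:
        return "password"
    return "other"  # e.g. BOOKMARK: a plain link, no Okta-managed credential


def audit_apps(apps_json: str) -> dict:
    """Summarise sign-on modes of active apps and list SWA-style ones to convert."""
    apps = json.loads(apps_json)
    active = [a for a in apps if a.get("status") == "ACTIVE"]  # skip deactivated apps
    counts = Counter(classify_app(a) for a in active)
    to_convert = sorted(a["label"] for a in active if classify_app(a) == "password")
    return {"active": len(active), "counts": dict(counts), "convert": to_convert}


if __name__ == "__main__":
    result = audit_apps(SAMPLE_APPS_JSON)
    print(f"{result['active']} active apps: {result['counts']}")
    for label in result["convert"]:
        print(f"  convert to SAML/OIDC: {label}")
```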
