Enable SAML or OIDC authentication for supported apps

SAML and OIDC are authentication protocols that reduce reliance on password-based authentication.

  • SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP).
  • OpenID Connect (OIDC) is a protocol that sits on top of the OAuth 2.0 framework. The OIDC protocol allows otherwise different systems to interoperate and share authentication state and user profile information.
  • SWA is an SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. In a SWA login, the username and password are passed to the third-party app, whereas with SAML and OIDC those credentials never leave Okta.
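The credential-flow difference in the list above is the whole security argument, so here is a small model of it as an added example (not Okta's code and not part of the original page). In the SWA path the IdP replays the stored password into the app's own login form; in the OIDC path the IdP checks the password itself and hands the app only a signed ID token, which the app accepts solely on the strength of the signature, issuer, audience and expiry checks. SAML follows the same pattern with a signed XML assertion instead of a JWT. Assumptions: the user directory, the issuer URL and the HMAC signing key are constructed, and HMAC stands in for the asymmetric signature a real IdP would use.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed: one shared HMAC key stands in for the IdP's signing key. Real
# SAML assertions and OIDC ID tokens are signed with the IdP's private key and
# verified with its public key; HMAC keeps this example standard-library only.
IDP_SIGNING_KEY = b"constructed-idp-signing-key"
IDP_ISSUER = "https://idp.example.test"  # constructed issuer URL

# Constructed user directory, held only by the IdP.
IDP_USERS = {"alice@example.test": {"password": "hunter2", "name": "Alice"}}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_check_password(username: str, password: str) -> bool:
    """Only the IdP ever evaluates the password."""
    user = IDP_USERS.get(username)
    return user is not None and hmac.compare_digest(user["password"], password)


def swa_login(username: str, password: str) -> dict:
    """SWA: the IdP fills the app's own login form, so the app receives the raw password."""
    if not idp_check_password(username, password):
        raise PermissionError("bad credentials")
    return {"username": username, "password": password}  # what the third-party app sees


def oidc_issue_id_token(username: str, password: str, audience: str, now=None) -> str:
    """OIDC: after checking the password itself, the IdP issues a signed ID token."""
    if not idp_check_password(username, password):
        raise PermissionError("bad credentials")
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "sub": username, "aud": audience,
              "iat": now, "exp": now + 300, "name": IDP_USERS[username]["name"]}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(IDP_SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def app_verify_id_token(token: str, expected_audience: str, now=None) -> dict:
    """Service-provider side: accept only claims covered by a valid IdP signature."""
    now = int(time.time()) if now is None else now
    header_b64, claims_b64, sig_b64 = token.split(".")
    expected = hmac.new(IDP_SIGNING_KEY, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig_b64):
        raise ValueError("signature check failed")  # tampered or not from our IdP
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != expected_audience:
        raise ValueError("token issued for a different app")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims  # no password anywhere in here


if __name__ == "__main__":
    user, pw, app = "alice@example.test", "hunter2", "payroll-app"
    print("SWA hands the app:", swa_login(user, pw))
    token = oidc_issue_id_token(user, pw, app)
    print("OIDC hands the app a token; verified claims:", app_verify_id_token(token, app))
```

The point to take from running it: the SWA result contains the password in clear, while the verified OIDC claims contain only identity attributes, and any change to the token body, a different audience, or an expired token is rejected before the app trusts anything in it.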

For more information, see Okta Applications.


HealthInsight: Why is this task recommended?

This feature is a HealthInsight security task. For more security recommendations from Okta, see HealthInsight.

Leverage SAML and OIDC authentication protocols for supported apps in order to reduce reliance on password-based authentication.

Security impact: High

End-user impact: None

Okta recommends: Enable SAML or OIDC and disable SWA for applications when possible.


End-user experience and impact

When signing in to their org, end users will be prompted to enroll in required factors and may enroll in any factors set to optional. Factors that have been disabled are not visible to end users.

To view a list of SAML-capable apps:

  1. From the admin console, click Reports > Reports.
  2. Under Application Usage, click SAML Capable Apps.
  3. Generate a report to see a list of available apps that can be converted to SAML.
  4. To convert an app to be SAML or OIDC capable, click Convert to SAML.

    Generate a report of SAML-capable apps from the admin console.

  5. Click Edit.
  6. Change the SSO method to SAML or OIDC and follow the on-screen instructions to convert your app successfully.
