Enable Federation Broker Mode

Federation Broker Mode allows Okta to automatically assign app access to users based on sign-on policies and authorization rules in your application. Enable Federation Broker Mode to improve import performance by removing explicit app assignments.

If you have a large number of group assignments, enabling Federation Broker Mode can consume substantial processing resources and take a significant time to complete.

Enable Federation Broker Mode for a new OIDC app

  1. In the Admin Console, go to Applications > Applications.
  2. Optional. Enter the application name in the Search field.
  3. Click an application name in the list of applications. The app must be a custom OIDC app.
  4. On the General Settings screen, scroll down to the Assignments area and select Allow everyone in your organization to access.

    Enabling Federation Broker Mode disables the ability to manually assign users and groups.

  5. The Enable immediate access option appears. Click the Enable immediate access with Federation Broker Mode checkbox and review the information in the dialog box that appears.
  6. Click Save.

Enable Federation Broker Mode for an existing SAML or OIDC app

  1. In the Admin Console, go to Applications > Applications.
  2. Enter the application name in the Search field.
  3. Select the application and click the General tab.
  4. Scroll down to Federation Broker Mode and click Edit.
  5. Click Enable Federation Broker Mode.
  6. Review the information in the dialog box that appears and click Continue.
  7. Click Save.

    After saving, you will be unable to make changes to the Federation Broker Mode setting until the update is complete.