Single Sign-On
The Okta app integrations in your org use Single Sign-On (SSO) to provide a seamless authentication experience for end users. After end users sign in to Okta, they can launch any of their assigned app integrations to access external apps and services without reentering their credentials. For apps that support federated SSO through SAML, OIDC, or any other proprietary authentication protocol, Okta establishes a secure connection with a user's browser and then authenticates the user. With SSO, a central domain performs authentication and then shares the session with other domains. The way a session is shared may differ between the various SSO protocols, but the general concept is the same.
Okta provides SSO access to thousands of supported cloud-based apps through the Okta Integration Network (OIN). The integrations in the OIN can use OpenID Connect (OIDC), SAML, SWA, or proprietary APIs for SSO. Okta maintains the SSO protocols and provisioning APIs.
Okta also provides integrations for SSO to on-premises web-based apps. You can integrate on-premises apps using SWA or SAML toolkits. Okta also supports provisioning and deprovisioning users with apps that expose their provisioning APIs publicly.
Okta provides SSO integration with mobile apps whether they're iOS or Android apps, or web apps optimized for mobile devices. Users can access web app integration in the OIN using SSO from any mobile device. Mobile web apps can use industry-standard OIDC, SAML, or Okta SWA technology. For example, Okta can integrate with platform-specific apps like Box Mobile using SAML authentication for registration and OAuth for ongoing usage.