WS-Fed app integrations
Web Services Federation (WS-Fed) is an XML-based protocol used for Single Sign-On (SSO). Typically, WS-Fed is used to sign on to legacy Windows-based web applications and Microsoft Office 365, where Okta acts as an authorization server or Identity Provider (IdP).
When added to an org and assigned to an end user by an admin, the WS-Fed app integration appears as a new tile on the End-User Dashboard.
Okta as Identity Provider
Okta supports integrating with WS-Fed applications as an IdP that provides SSO to external applications.
When users request access to an external application registered with Okta, they're redirected to Okta. As the IdP, Okta then delivers an assertion to the browser. The browser uses that assertion to authenticate the user to the application.
- Using WS-Fed, the user attempts to access client applications that are protected by Okta.
- Client applications act as WS-Fed Service Providers (SP) and delegate the user authentication to Okta. The client applications send an assertion to Okta to establish the user session.
- Okta acts as the WS-Fed Identity Provider and uses SSO and Multifactor Authentication (MFA) to authenticate the user.
- Okta returns an assertion to the client applications through the end user's browser.
- The client applications validate the returned assertion and allow the user access to the client application.
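The exchange in the steps above, seen from the client application's side, as an added example (not Okta's code and not part of the original page): it builds the WS-Fed passive sign-in redirect and runs the request-context, audience and validity-window checks on the posted response. The parameter names `wa`, `wtrealm`, `wctx` and `wresult` come from the WS-Federation passive profile. The URL, realm and sample token are constructed, and the token's XML signature is assumed to have been verified against the IdP's signing certificate by a dedicated library before these checks run.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

def build_signin_url(idp_url, realm, ctx):
    # SP -> IdP redirect carrying the WS-Fed passive sign-in request
    return idp_url + "?" + urlencode({"wa": "wsignin1.0", "wtrealm": realm, "wctx": ctx})

def _ts(value):
    # SAML timestamps are UTC with a trailing Z, e.g. 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_signin_response(form, realm, ctx, now):
    """Return the problems found in a posted sign-in response (empty list = passes)."""
    problems = []
    if form.get("wa") != "wsignin1.0":
        problems.append("unexpected wa")
    if form.get("wctx") != ctx:
        problems.append("wctx does not match the pending request")
    wresult = form.get("wresult", "")
    if "<!DOCTYPE" in wresult:  # refuse DTDs before handing the token to the parser
        return problems + ["DTD in wresult"]
    try:
        root = ET.fromstring(wresult)
    except ET.ParseError:
        return problems + ["wresult is not well-formed XML"]
    assertions = root.findall(".//{*}Assertion")  # {*} = any namespace (SAML 1.1 or 2.0)
    if len(assertions) != 1:
        return problems + ["expected exactly one assertion"]
    cond = assertions[0].find("{*}Conditions")
    if cond is None:
        return problems + ["assertion has no Conditions"]
    audiences = [a.text.strip() for a in cond.findall(".//{*}Audience") if a.text]
    if realm not in audiences:
        problems.append("audience does not include this realm")
    try:
        if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
            problems.append("outside validity window")
    except (AttributeError, ValueError):
        problems.append("missing or malformed validity window")
    return problems

SAMPLE_WRESULT = (  # constructed sample: unsigned RSTR wrapping a SAML 1.1 assertion
    '<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"'
    ' xmlns:s="urn:oasis:names:tc:SAML:1.0:assertion"><t:RequestedSecurityToken><s:Assertion>'
    '<s:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">'
    '<s:AudienceRestrictionCondition><s:Audience>urn:example:sp</s:Audience>'
    '</s:AudienceRestrictionCondition></s:Conditions></s:Assertion>'
    '</t:RequestedSecurityToken></t:RequestSecurityTokenResponse>')
SAMPLE_NOW = datetime(2024, 1, 1, 12, 2, tzinfo=timezone.utc)  # constructed clock value
```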
Users, client applications, and external IdPs can all be on your intranet and behind a firewall, as long as the end user can reach Okta through the internet.