Configure Cross App Access
Early Access release
Cross App Access simplifies how third-party apps share data, moving complex consent processes away from end users and into the Okta Admin Console. When Cross App Access is configured, end users can access their data from other SaaS apps without navigating OAuth consent flows. Instead, admins manage this connection on behalf of users in the Okta Admin Console. This enhances org security and improves the end-user experience.
Benefits
- Enhanced security: Okta admins have centralized control over data sharing, enforcing least privilege, and reducing the risk of unauthorized access.
- Improved user experience: End users don't encounter repetitive OAuth consent pages, leading to a smoother, more efficient workflow.
- Simplified integration: Cross App Access streamlines the process of connecting third-party apps in your Okta environment.
How it works
Before you begin using this functionality, you should familiarize yourself with these concepts:
- Requesting app: The app that accesses a protected resource.
- Resource app: The app that owns a protected resource.
- Managed connection: A directional relationship between a requesting app and a resource app. The Okta admin manages this relationship.
- Identity Assertion Authorization Grant: A token exchange flow that trades an OIDC ID token for an ID-JAG token. The ID-JAG token is then used by the requesting app to request an access token from the resource app. This access token is used to request protected resources.
You can configure Cross App Access when these conditions are met:
- The requesting and resource apps are integrated in the OIN with OIDC functionality and have Cross App Access enabled.
- The apps have an established OAuth relationship. That is, the requesting app has an OAuth client in the resource app's authorization server.
- Okta is the IdP for the requesting app and the resource app, and both apps use SSO.