Okta app integrations serve as a configured connection between Okta features like Okta Universal Directory and external applications that provide a service, like Zoom or Box. These app integrations on the Okta End-User Dashboard are also sometimes referred to as "tiles" or "apps".
App integrations can be either:
- Pre-built, in the case of those integrations available in the Okta Integration Network (OIN).
- Custom crafted by admins or developers using the App Integration Wizard (AIW), templates, or bookmarks.
Suppose that your organization uses Workday to facilitate human resources management. To Okta, Workday is an external application. You can integrate Workday with your Okta org by locating the Workday integration in the Okta Integration Network (OIN) and providing the required details.
After configuring the parameters of an app integration, you can assign it to groups or individual users in your Okta org and have the app integration appear on their End-User Dashboard. Users click the app integration and are automatically authenticated and signed in to that external application.
The Applications page, available through the Okta Admin Console, allows you to add, create, and assign app integrations to users or groups. See Open the Applications page.
Although "application" is a commonly used term, Okta generally differentiates between an Okta "app integration" and an external "application" like Box or Zoom.
Single Sign-On (SSO) enables users to sign on to multiple cloud-based, on-premises, or mobile applications using a single set of authentication credentials.
After you configure and assign SSO app integrations, end users can sign in to their Okta account and then access their external applications without entering their credentials for each application.
Okta uses the secure connection between a user's browser and Okta-managed app integrations to authenticate the user with one of the supported SSO integration methods:
- OpenID Connect (OIDC). See OIDC app integrations.
- Secure Authentication Markup Language (SAML). See SAML app integrations.
- Secure Web Authentication (SWA). See SWA app integrations.
- Web Services Federation (WS-Fed). See WS-Fed app integrations.
The provisioning functionality in Okta allows you to manage and automate the exchange of user identity information in cloud-based and on-premises apps and services.
The protocol used for communication between Okta and external applications is the industry-standard Security Cross-domain Identity Management (SCIM) protocol.
If an external application supports SCIM-based provisioning, then you can configure the associated Okta app integration to include the provisioning features of Okta Lifecycle Management.
Adding app integrations
Admins can add app integrations to their Okta org in several ways:
- The OIN is a collection of thousands of pre-built app integrations that connect end users with external applications. App integrations in the OIN provide connections through SAML, OpenID Connect, SWA, WS-Fed, or proprietary APIs. To see what protocols are supported by a given app integration, admins can search for the external application in the OIN Catalog and review the capabilities for each associated app integration. See Add existing app integrations.
- Admins or developers who require a custom app integration can use the Okta App Integration Wizard to create a new OIDC, SAML 2.0, or SWA app integration. The final product can be private for use just within your Okta org, or you can submit the app integration to the OIN for potential inclusion in the catalog. See Create custom app integrations.
- If you don't want to create an entirely new app integration, there are some templates available in the OIN that you can use to get your project up and running quickly.
- Okta provides integrations for mobile applications, whether they are HTML5 web applications optimized for mobile platforms, or native iOS or Android apps. Mobile web applications can use industry-standard SAML, OIDC, or SWA for SSO. End users can access any web application in the OIN with SSO from a mobile device. Admins can create integrations for native applications like Box Mobile, for example, using SAML authentication for registration and OAuth for ongoing usage.
- For simple authentication scenarios, you can leverage the Okta Browser Plugin or use the bookmark app integration from the OIN. See Allow end users to add apps with the Okta Browser Plugin and Create a Bookmark App integration.
The Okta browser plugin enables you to automatically sign into applications that would otherwise require you to manually enter your credentials. For more information on the browser plugin, see Okta Browser Plugin .
- If end users find an app integration that they want to add to their Okta org, they can submit a self-service access request to have an admin, or an assigned delegate, approve and add the app to the Okta org. See Self Service for app integrations.