See the above SPA and web app links for code samples.
As an application developer, you want to give your users the ability to sign in directly to your application using Okta for identity management. To do so, your application needs to support federated Single Sign-On (SSO). In this scenario, your application relies on Okta to serve as an external Identity Provider (IdP).
Choosing a protocol
Okta supports two protocols for handling federated SSO:
OpenID Connect (OIDC):
- Verifies end-user identity and obtains profile information.
- Lightweight and REST-based.
- Ideal for mobile and cloud applications.
- Newer protocol with widespread usage. Some newer applications only support OIDC.
Security Assertion Markup Language (SAML):
- Widely used federation protocol for SSO in Web applications.
- Many SaaS providers support SAML integration to grant SSO access to end users.
- Specification doesn’t have user consent, although it can be built into the flow.
- Larger in size because XML messages are transmitted back and forth.
In a typical scenario, your application relies on Okta to act as a multi-tenant Identity Provider (IdP) for your customers' Okta organizations.
An Okta org acts as a container that sets hard boundaries for all users, applications, and other entities associated with a single customer, providing tenant-based isolation.
In developing your SSO app integration, the customer’s Okta org serves as the Authorization Server (OIDC) or as the IdP (SAML).
This guide assumes that you intend to develop an app integration and make it public by publishing it in the Okta Integration Network (OIN). If you want to develop a custom app integration that is intended for private deployment within your own company, use the Okta App Integration Wizard (AIW) to create your app integration.
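The tenant isolation described above, seen from the application side, as an added example that is not Okta's code: after a JOSE library has verified an ID token's signature, the app checks the claims against the one Okta org bound to that tenant. The tenant registry, org URLs, client IDs and function name are hypothetical and constructed for illustration.

```python
"""Per-tenant ID token claim checks for a multi-tenant OIDC integration.
Assumes the signature was already verified against the tenant issuer's keys."""
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Tenant:
    issuer: str     # the customer's Okta org URL, recorded at onboarding
    client_id: str  # client ID that org issued for this integration


# Constructed sample registry; keys, URLs and client IDs are hypothetical.
TENANTS = {
    "acme": Tenant("https://acme.okta.example", "0oaACME"),
    "globex": Tenant("https://globex.okta.example", "0oaGLOBEX"),
}

CLOCK_SKEW = 120  # seconds of tolerated clock drift


def check_id_token_claims(tenant_key, claims, expected_nonce, now=None):
    """Return a tenant-scoped subject, or raise ValueError on any mismatch."""
    now = time.time() if now is None else now
    tenant = TENANTS.get(tenant_key)
    if tenant is None:
        raise ValueError("unknown tenant")
    # Exact match only: a prefix or suffix match would let another org through.
    if claims.get("iss") != tenant.issuer:
        raise ValueError("issuer does not match tenant org")
    # aud may be a string or a list; this org's client ID must be in it.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if tenant.client_id not in audiences:
        raise ValueError("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + CLOCK_SKEW < now:
        raise ValueError("token expired")
    # The nonce ties the token to the sign-in request this session started.
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    sub = claims.get("sub")
    if not sub:
        raise ValueError("missing subject")
    # Scope the subject by tenant so equal sub values in two orgs never collide.
    return f"{tenant_key}:{sub}"
```
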
Prepare your integration
After you have decided which protocol is right for your needs, you need to gather some information for your integration.
Create your integration
After you have your background information, you can use the Okta Admin Console and the Application Integration Wizard (AIW) to create your SSO integration inside the Okta org associated with your developer account.
1. Sign in to your Okta developer account as a user with administrative privileges.
2. In the Admin Console, go to Applications > Applications.
3. Click Create App Integration.
Specify your integration settings
This portion of the guide takes you through the steps for configuring your specific SSO integration using the Okta Admin Console.
After you create your integration in the Create your integration step, the Admin Console opens the main settings page for your new integration. Here, you can specify General Settings and Sign On options, as well as assign the integration to users in your org. Click Edit if you need to change any of the options, and Save when you have made your changes.
Test your integration
This portion of the guide takes you through the steps required to test your integration.
First you must assign your integration to one or more test users in your org:
1. Click the Assignments tab.
2. Click Assign and then select either Assign to People or Assign to Groups.
3. Enter the appropriate people or groups that you want to have Single Sign-On into your application, and then click Assign for each.
4. For any people that you add, verify the user-specific attributes, and then select Save and Go Back.
Test Single Sign-On
1. Sign out of your administrator account in your development org. Click Sign out in the upper-right corner of the Admin Console.
2. Sign in to the Okta End-User Dashboard as the regular user that was assigned the integration.
3. In your dashboard, click the Okta tile for the integration and confirm that the user is signed in to your application.