Okta app integrations serve as a configured connection between Okta features like Okta Universal Directory and external apps that provide a service, like Zoom or Box. App integrations on the Okta End-User Dashboard are sometimes referred to as tiles or apps.
App integrations can be one of the following two types:
- Prebuilt, in the case of those integrations available in the Okta Integration Network (OIN).
- Custom built by admins or developers using the App Integration Wizard (AIW), templates, or bookmarks.
Suppose that your organization uses Workday to facilitate human resources management. To Okta, Workday is an external app. You can integrate Workday with your Okta org by adding it from the Okta Integration Network (OIN) and configuring it.
After configuring the parameters of an app integration, you can assign it to groups or individual users in your Okta org and have the app integration appear on their End-User Dashboard. Users click the app integration and are automatically authenticated and signed in to that external app.
The Applications page, available through the Okta Admin Console, allows you to add, create, and assign app integrations to users or groups.
For details on managing the app integrations and assigning them to end users, see Access and customize app integrations and Assign app integrations.
Although app is a commonly used term, Okta generally differentiates between an Okta app integration and an external app, such as Box or Zoom.
Single Sign-On
Single Sign-On (SSO) enables users to sign on to multiple cloud-based, on-premises, or mobile apps using a single set of authentication credentials.
After you configure and assign SSO app integrations, end users can sign in to their Okta account and then access their external apps without entering their credentials for each app.
Okta uses the secure connection between a user's browser and Okta-managed app integrations to authenticate the user with one of the supported SSO integration methods:
- OpenID Connect (OIDC). See OIDC app integrations.
- Security Assertion Markup Language (SAML). See SAML app integrations.
- Secure Web Authentication (SWA). See SWA app integrations.
- Web Services Federation (WS-Fed). See WS-Fed app integrations.
Provisioning
The provisioning functionality in Okta allows you to manage and automate the exchange of user identity information in cloud-based and on-premises apps and services.
The protocol used for communication between Okta and external apps is the industry-standard System for Cross-domain Identity Management (SCIM) protocol.
If an external app supports SCIM-based provisioning, then you can configure the associated Okta app integration to include the provisioning features of Okta Lifecycle Management.
See SCIM app integrations.
Add app integrations
Admins can add app integrations to their Okta org in several ways:
- The OIN is a collection of thousands of prebuilt app integrations that connect end users with external apps. App integrations in the OIN provide connections through SAML, OpenID Connect, SWA, WS-Fed, or proprietary APIs. Each app integration includes a list of the protocols that it supports. Search for the external app in the OIN catalog and review the capabilities for its associated app integration. See Add existing app integrations.
- Admins and developers can use the Okta App Integration Wizard to create custom OIDC, SAML 2.0, or SWA app integrations. These integrations can be created for private use within your Okta org. Alternatively, you can submit them for consideration to be included in the OIN catalog. See Create custom app integrations.
- You can use templates from the OIN to get your project up and running quickly, rather than create an integration from scratch.
- Okta provides integrations for mobile apps, whether they're iOS or Android apps, or HTML5 web apps that are optimized for mobile platforms. Mobile web apps can use industry-standard SAML, OIDC, or SWA for SSO. End users can access any web app in the OIN with SSO from a mobile device. Admins can create integrations for platform-specific apps like Box Mobile, for example, using SAML authentication for registration and OAuth for ongoing usage.
Okta Mobile uses SSO to extend its functionality to apps on your iPad or iPhone. The Okta Mobile app provides an embedded Okta browser and app menu. You can download and install the Okta Mobile app from the Apple App Store. For more information on mobile apps and Okta Mobile, see About Okta Mobile.
- For simple authentication scenarios, you can use the Okta Browser Plugin or the bookmark app integration from the OIN. See Allow end users to add apps with the Okta Browser Plugin and Create a Bookmark App integration.
The Okta Browser Plugin enables you to automatically sign in to apps that would otherwise require you to manually enter your credentials. For more information on the browser plugin, see Okta Browser Plugin.
- End users can submit self-service access requests to have app integrations added to their Okta org. See Self Service for app integrations.