I’ve a custom built platform using Okta as an IDP behind the scenes.
One thing that bugs me, for one of two applications that need to be integrated via SWA due to lack of other options, is the workflow of the Okta Browser Plugin.
The required flow is: Custom Portal → Redirects to Okta hardcoded link → Redirects to App login page and then Okta Plugin does its magic.
However, if the user doesn’t have the browser plugin, it redirects back to the Okta Dashboard, rather than the custom portal.
Is there any way either of the following can be achieved:
If user does not have Okta Browser plugin present, redirect to either origin URL or custom URL (Okta-wide or specific to app)
Check if the browser plugin is installed and if not, prompt the user to download it.
I’m not 100% sure I understand the question, so bear with me.
It sounds like the application you are developing (or a 3rd party app) should look into an OAuth/OIDC flow to Okta. This can be done a few different ways depending on the app, for example, you could use the Okta Signin Widget or server side redirects.
I’m developing a custom web application; it uses the Okta SIW to authenticate users and then launch them into my custom web application. In this web application, I make an Okta API call to pull back the assigned applications and display them to the user. This API call pulls back the Okta hard coded links, e.g. https://dev-<number_here>.oktapreview.com/home/office365/0oab6f5sod7FfkCEH0h7/aln8l90mj9E52ZAZQ0g7.
Now if this application is SAML all works wonderfully. If this application is integrated via SWA and the user has the Okta plugin installed, they go to this hard link which then redirects them to the real application URL and the plugin does its magic.
If the user doesn’t have the Okta plugin installed, it stops at the Okta dashboard rather than redirect them to the destination. We want to keep users flowing through our custom web app, rather than ever be redirected to the Okta portal (except for a temporary redirection). It would cause a poor potential experience if the web app went live as users will be taken to the Okta portal which they might not be familiar with.
Which version of the SIW are you using? Can you paste in the config you are using (you can hide the clientId if you want)? It sounds like the redirect might not be configured correctly from the widget.
The user is successfully authenticated and inside my web application. When the user clicks on the hard link generated by the GetAssigned Apps API call, it’s the issue around this.
Essentially when clicking this hard link, if the plugin isn’t installed it doesn’t redirect as one would expect.
Unfortunately, we don’t have a way to detect if the plugin is installed, so we can’t fully support SWA apps in a fully customized portal case. However, we do have the ability to embed our existing portal in an iframe without the Okta branding.
Enable iframe embedding:
Log in as an Okta Admin
Settings/Customization
Edit IFrame Embedding
Check Allow IFrame embedding (heed the clickjacking warning)
Is the new suppression of elements for iFrames new?
That’s useful to know anyway, but the problem is I need to custom style my web application and have data available, so the iframe route isn’t much use unfortunately.
Is there any way, like with custom login / error pages, we could have it set to be able to define a URL to redirect to upon plugin being detected as not installed so the following flow happens?
Custom Web App -> Okta App Hard Coded URL -> Okta Portal -> Custom Web App.