How Does Okta Secure Authentication


I understand that when we run the application, it redirects to the Okta login screen, and once we give Okta credentials it redirects to our application.

But how does it work internally? How does it provide authentication to the. I am new to authentication and Okta itself. So please help me understand how Okta authentication works.

Basically, how does Okta authentication work, and how is Okta good compared to other identity servers in the market?

Hi @Gayithri

In the concept of identity provider and service provider, Okta acts as an identity provider for your application. There are multiple ways of integrating single sign-on with Okta:

  • Secure Web Authentication
    • if your application supports only username and password for authenticating users, the Okta browser plugin will automatically inject the credentials once the user arrives on the login page
  • Security Assertion Markup Language (SAML)
  • WS-Federation (Ws-Fed)
  • OpenID

If your application supports any of the last three, then Okta will require the user to log in to Okta after which it will send to your application an assertion or tokens with the user’s identity. Once your application parses the details, it can successfully log in the user. This provides a password-less and secure experience for your users.

Hi Dragos,

Thanks for the detailed explanation.

I have built a small Boot application with @enableOauth2S and configured the application in Okta and the Authorization server.

When it hits my application, it redirects to the Okta login page, and after I enter credentials it is redirected to my application (whatever I have given in the redirect_uri in the configuration).

Here I want to understand: the above process is called OpenID authentication, right?
Please tell me whether my understanding is correct or not.

Hi Dragos,

Can you please help me?
I am getting too confused by these words.

What is Okta Authentication?
What is OpenID with Okta Authentication?