I have 2 applications configured with OpenId on Okta.
I intend to embed one app in the other.I understand there is a setting to allow Iframe embedding.
Okta admin page -> Customization -> IFrame Embedding select Allow IFrame embedding
However, this is susceptible to Clickjacking attacks for all the apps on the domain.
Is there a way to do this on an app basis or another more secure way of doing so?
At this time, we only support allowing iFrame embedding across the entire org, but we have planned a feature enhancement that will allow you to specify specific apps/domains that are permitted to do so.
You can track the progress of this request in our Ideas portal: Idea #106403