Seamlessly sign into another app in an iframe


  We developed OIDC sign in into OKTA in our app (app A). There is another app (app B) that uses SAML to sign into OKTA.
  We now have to display app B in an iframe in app A and cannot enable the flag "Allow iframe embedding" in our Okta org. Is there a way to avoid redirecting the user to the app B and redirecting back to app A? What would be the most elegant solution for the end user ?


Can you please reformat your question and take it out of a <pre> tag so it’s easier to read?

Had same use case and it only worked upon enabling iFrame Embedding.
Okta has enabled X-Frame-Option protection for all pages to protect against user interface redress attacks so I think you can consider this.


Thanks for your reply