We developed OIDC sign-in to Okta in our app (app A). There is another app (app B) that uses SAML to sign in to Okta.
We now have to display app B in an iframe in app A and cannot enable the flag "Allow iframe embedding" in our Okta org. Is there a way to avoid redirecting the user to app B and redirecting back to app A? What would be the most elegant solution for the end user?
Had the same use case and it only worked upon enabling iFrame Embedding.
Okta has enabled X-Frame-Options protection for all pages to protect against user interface redress attacks, so I think you can consider this.
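
To see why the embedded sign-in page fails to render, here is an added example (not code from either post or from Okta) that models how a browser evaluates framing headers for a direct embedder. The function names, the `.example` hosts and the header values in the usage are constructed for illustration, and only a single level of framing and the common source forms are modelled.

```javascript
// Added example: simplified model of how a browser decides whether a
// response may render inside a frame. Not taken from the thread.

function frameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceAllows(source, embedder, page) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder.origin === page.origin;
  if (s === '*') return true;
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)(?::(\d+))?$/.exec(s);
  if (!m) return false; // source forms this sketch does not model
  const [, scheme, wildcard, host, port] = m;
  if (embedder.protocol !== scheme + ':') return false;
  if ((embedder.port || '') !== (port || '')) return false;
  return wildcard
    ? embedder.hostname.endsWith('.' + host)
    : embedder.hostname === host;
}

function canBeFramed(headers, pageUrl, embedderUrl) {
  const page = new URL(pageUrl);
  const embedder = new URL(embedderUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // When frame-ancestors is present, browsers enforce it and ignore X-Frame-Options.
  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    return sources.some((src) => sourceAllows(src, embedder, page));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedder.origin === page.origin;
  return true; // no framing restriction sent
}

// Constructed case: app A on another origin framing a SAMEORIGIN page.
console.log(canBeFramed({ 'X-Frame-Options': 'SAMEORIGIN' },
  'https://idp.example/login', 'https://app-a.example/'));
```

Running the same check against the headers captured from the real sign-in response (browser dev tools, Network tab) shows which header is blocking the frame before any integration change is attempted.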