SSO between SAML App and OAuth 2, OIDC App


Is it possible to have Single Sign On b/w apps working on different protocols, where one app is configured for SAML and another uses OIDC on Okta?
If yes, some reference doc/steps/tutorial would be helpful.


Yes, there are a few ways to do this:
If you have both apps on Okta, you get ‘out of the box’ SSO while you have an Okta session cookie (automatically created when you log in). Your SAML app gets SAML, your OpenID app gets OpenID.

To go directly from the SAML app to the OpenID app you can also use a SAML token as an input on the Okta /token endpoint with the urn:ietf:params:oauth:grant-type:saml2-bearer grant type. Specs here: OpenID Connect & OAuth 2.0 API | Okta Developer

If you outline your scenario a little more, I can try to point you in the right direction.
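
The saml2-bearer request mentioned in the reply above, as an added example (not part of the thread and not Okta's code): it follows RFC 7522, runs a few client-side sanity checks on the assertion, and builds the POST without sending it. The token URL, the expected audience value, HTTP Basic client authentication and the sample assertion are assumptions or constructed placeholders.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
TOKEN_URL = "https://your-org.example/oauth2/default/v1/token"  # placeholder, assumed
# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_a1" Version="2.0">'
    "<saml:Issuer>https://idp.example</saml:Issuer>"
    '<saml:Conditions NotOnOrAfter="2999-01-01T00:00:00Z"><saml:AudienceRestriction>'
    f"<saml:Audience>{TOKEN_URL}</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
)

def preflight(assertion_xml, audience, now=None):
    """Client-side sanity checks from RFC 7522 section 3. Not signature validation."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("expected a saml:Assertion element, not a Response wrapper")
    found = [a.text.strip() for a in root.iter(f"{{{SAML_NS}}}Audience") if a.text]
    if audience not in found:
        raise ValueError("assertion is not audience-restricted to the authorization server")
    # Expiry may sit on Conditions or on SubjectConfirmationData; check every one present.
    expiries = [e.get("NotOnOrAfter") for e in root.iter() if e.get("NotOnOrAfter")]
    if not expiries:
        raise ValueError("assertion carries no NotOnOrAfter expiry")
    for ts in expiries:
        if datetime.fromisoformat(ts.replace("Z", "+00:00")) <= now:
            raise ValueError("assertion has expired")

def build_token_request(token_url, client_id, client_secret, assertion_xml, scope, audience):
    preflight(assertion_xml, audience)
    # RFC 7522 section 2.1: base64url-encode the XML, no line wrapping, no "=" padding.
    encoded = base64.urlsafe_b64encode(assertion_xml.encode()).rstrip(b"=").decode()
    body = urllib.parse.urlencode({"grant_type": GRANT_TYPE, "assertion": encoded, "scope": scope})
    creds = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    # Returned unsent; urllib.request.urlopen(req) would perform the exchange over TLS.
    return urllib.request.Request(token_url, data=body.encode(), headers=headers, method="POST")
```

The authorization server still verifies the assertion's signature and issuer; the pre-flight only catches assertions that are expired or addressed to a different audience before they leave the backend.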


Thanks for your reply!
I think we are able to achieve the Login, but Single Logout is not working. In our case, one App is Asp.Net and another one is Angular SPA.
I found this page but it does not explain if it works for a combination of OIDC and SAML. Configure Single Logout in app integrations.
Does Okta support such SLO?


Hi @gmeena, yes it does (as usual, there are a few ways to do this with Okta). The main mechanism to guarantee logout everywhere is to use Users | Okta Developer. This API requires authentication, so you may need to wrap it in another service if you can’t pass in an end user access / id token.

This API nukes the Okta sessions as well as any tokens issued.

