Guide for Okta SWA Secure Web Authentication

    Everything Okta SWA

    Let's talk Secure Web Authentication in Okta SSO

    What is SWA? Secure Web Authentication (SWA) is a form of authentication that provides single sign-on for apps that don't support proprietary federated sign-on methods or SAML. End users can enter their credentials for these apps on an application’s login page. These credentials are stored such that users can access their apps without entering their credentials each time.

    SWA Sequence Authentication Diagram

    AuthenticationOktaUserAuthenticationOktaUser1. Authenticate request4. Credentials passed2. Access request granted3. App access request through the Okta app
    1. The user logs into Okta
    2. When the user successfully logs into Okta they will click on the SWA app chiclet assigned to them
    3. The App access request is sent to Okta
    4. Okta passes the user's credentials for that app to the login screen and access is granted

    Okta Browser Plugin

    For SWA applications the Okta Browser Plugin is required. This plugin enables you to gain quick access to your Okta integrated apps without a need to return to the end-user dashboard.

    Okta Chiclet

    What is the OIN?

    OIN, Okta Integration Network, is a list of pre-configured apps that are inside Okta and can be easily added. If a client’s app is not in the OIN, there are custom ways to add the app. If you look through the thousands of apps in the OIN you will see that every app can be a SWA app.

    Okta Administration Perspective for SWA apps

    The Okta Administrator has many options for configuring sign-in options. As an example, the administrator can make the SWA credentials match the Okta credentials so additional sign-ins are not required after authenticating with Okta.

    Here is a list of the SWA options the Okta administrator can set:

    • User sets username and password
    • Administrator sets username and password
    • Administrator sets username, user sets password
    • Administrator sets username, password is the same as user's Okta password
    • Users share a single username and password set by administrator

    How can I set the usernames and passwords for a particular SWA app?

    1. Outside of Okta, access the downstream app you wish to assign
    2. Establish the username and password within the app
    3. Return to Okta and access or create the app in the OIN
    4. Choose the Sign On tab (or step) on the app page
    5. Choose Administrator sets username and password, and then click the Next
    6. Assign the app to users and assign their usernames and passwords

    SWA End User Experience

    Once the Okta Admin assigns an SWA app to a user, they will see that app as a chiclet in their Okta Dashboard. Selecting that app chiclet enables the end-user to set up and update their credentials for that application. Okta stores the end user's credentials in an encrypted format (AES encryption) using strong encryption, combined with a customer-specific private key. When end users click an application icon, Okta securely posts their credentials to the app login page over SSL, and the user is automatically signed into the application.

    Common Misconceptions About SWA Apps

    Does SWA automatically allow me to disable users?

    No. Provisioning is not part of SWA. You will have to manually access the app to disable that user.

    How do I configure a one-to-many user account using SWA?

    Users share a single username and password set by administrator Select this option if you have a single app license or a single app account (such as Twitter) that will be shared by multiple people in your organization.

    To set the shared credentials for a shared app, do the following:

    Outside of Okta, access the downstream app you wish to assign. Establish the username and password within the app. Return to Okta and access or create the app in the OIN. Choose the Sign On tab (or step) on the app page. Choose Users share a single username and password set by the administrator, and then click Next. Assign the app to users.

    Note: You can enable the Password reveal feature when this option is selected but it will only allow admins to reveal the shared password. End users cannot reveal shared passwords.

    How can I check my SWA login credentials?

    Inside the Okta End User Dashboard click on the gear icon on the top corner of the app chiclet. Click password reveal. Make sure your administrator permits you to do this.

    Do SWA apps enforce login through Okta only?

    No. With SWA apps you can also log in directly to the app login page.

    SWA is an integral part of every Okta Deployment

    Ironcove uses SWA strategically to help companies quickly achieve full Okta end-user adoption. Since every app can be SWA-enabled we like to start with SWA. Although SWA is not as secure as SAML, it is an important ingredient to a successful Okta deployment.

    If you would like to learn more about SWA and Okta, give us a call 888-959-2825 and we would be happy to answer your questions.

    Cloud Licensing Providers we support.

    Real-time, support for your Okta needs, delivered directly via our Slack channel.

    Talk to us

    Phone & Hours

    (888) 959-2825
    Monday-Friday: 9am to 5pm


    8117 W. Manchester Ave
    Suite 915
    Playa Del Rey, CA 90293