Title: Okta Workforce Connection: How to enable Okta tile/app launcher (IdP-initiated) without switching to SAML?

Hi,

We’re using the Okta Workforce Enterprise Connection (OIDC-based) to allow our customers’ employees to authenticate via Okta. The SP-initiated flow works great.

However, we have a hard requirement from our customer to support clicking the app tile directly from their Okta dashboard (IdP-initiated flow). This is how their users expect to launch all their enterprise apps.

The painful workaround we currently use: Configure Okta as a SAML IdP instead of using the Okta Workforce connection, then use the IdP-initiated SAML → OIDC translation feature. This enables tile support, but it breaks the Okta Workforce integration - we lose the streamlined customer setup and other Okta Workforce-specific features.

Our customers are forced to choose between:

  1. Okta Workforce (OIDC) - Great integration, but no tile support
  2. Okta as SAML IdP - Tile works, but loses Okta Workforce features

This is a frustrating trade-off that shouldn’t exist.

Questions:

  1. Does the Okta Workforce Enterprise Connection support IdP-initiated login from the Okta app launcher/tile?
  2. If not, is there a way to enable it without switching to SAML?
  3. Is this on the roadmap?

Feedback: It’s surprising that this isn’t supported out of the box. Auth0 already supports deep linking via the /login/callback?connection= parameter - the infrastructure is there. For enterprises using Okta, the app tile is fundamental to the user experience. Not supporting it for the “official” Okta integration (Okta Workforce) while supporting it for the generic SAML integration feels backwards. This makes the Okta Workforce connection feel incomplete for enterprise customers. In addition, Auth0 is owned by Okta…

Current Setup:

  • Auth0 tenant with Okta Workforce Enterprise Connection
  • Okta as workforce identity provider
  • Web application using Auth0 for authentication
  • Our app already handles Implicit Flow and the connection parameter (so the client side is ready)

Thanks for any guidance!