Blog

What is the Okta Integration Network?

November 7, 2024

What is the Okta App Store or Integration Network (OIN), and should you use it?

The Okta Integration Network (OIN) is a gallery of thousands of applications pre-integrated with Okta's identity platform.

It simplifies the rollout of new applications while maintaining strict security standards through a verification process that each integration must pass.

What is unique about the OIN?

The OIN focuses on automated configuration and standardized integrations. Each verified integration follows consistent patterns for authentication, provisioning, and lifecycle management.

Integrations have badges indicating whether they support SAML, SCIM, Universal Logout, and other protocols or patterns.

Extending Integrations with Okta Workflows and Connector Builder

What if you want every failed provisioning event to trigger an alert email, but the team responsible for maintaining your SSO integrations lacks developers?

Okta Workflows brings low-code automation to the OIN ecosystem, enabling organizations to automate complex processes without developer intervention. With a drag-and-drop interface, users can configure workflows for onboarding, offboarding, role changes, and access revocation based on custom triggers.

The Connector Builder is a no-code development tool that allows organizations to create custom connectors for applications not yet listed in the OIN.

Connector Builder enables companies to package these integrations with custom authentication, branding, and reusable workflows for applications that might have specific SAML, OIDC, SWA, or SCIM requirements.

These custom connectors are initially private to the organization, ensuring that businesses can immediately address internal integration needs.

However, organizations have the option to submit their custom connectors for public listing in the OIN. This private-to-public pathway allows companies to build and potentially share specialized connectors.

Passing the Okta Integration Network verification process

The OIN verification process sets a high bar for integration quality. Every submission undergoes:

  • A security review of authentication endpoints
  • Automated testing of user lifecycle flows
  • UX evaluation of sign-in experiences
  • Regular re-verification to maintain listing status

Using the OIN Wizard for pre-submission testing

Okta offers developers the OIN Wizard, which includes built-in testing tools that verify both IdP and SP-initiated flows, ensuring consistent behavior across deployment scenarios. For SCIM integrations, it provides detailed test plans to verify user lifecycle management works correctly.

Before submission, every integration must pass automated test suites, and the OIN team conducts additional QA testing before publication.

Who uses the Okta Integration Network?

Enterprise IT and Security Teams

Okta administrators can deploy pre-verified integrations through the Okta Admin Console. The console allows teams to manage authentication policies, user provisioning, and access controls.

Security teams can enforce consistent policies, such as requiring phishing-resistant authentication for all financial applications.Software VendorsSaaS providers can publish their applications in the OIN.

They must implement SAML SSO according to OIN specifications, support automated user provisioning via SCIM, and maintain their integration through regular testing and updates.

System Integrators and Developers

Developers within an Okta Developer Edition organization can build custom integrations using OIN templates and tools.

The Okta Application Integration Wizard (AIW) is a testing toolkit that assists developers in ensuring their integrations are ready for submission.

How to Get into the Okta Integration Network

It’s free to submit and list integrations on the OIN or Okta App Store. You can use either the OIN Manager or the OIN Wizard to prepare and submit your app, but your submission must meet all of the OIN submission requirements.

Okta App Store requirements

1. Multi-Tenancy Support

Your application must support multiple instances, each with unique credentials for different customers.  

2. Required Artifacts

Logo: Provide a clear, well-designed logo in PNG, JPG, or GIF format, less than 1 MB in size.

App Description: Offer a concise description of your application and its integration with Okta.

Use Case: Define the primary use cases your application addresses.

Customer Support Contact: Provide customer support contact information, including email, URL, or phone number.

Test Account: Create a dedicated test account for Okta’s verification process.

Customer Configuration Document: Develop a guide detailing the steps for customers to configure the integration.

3. Compliance with OIN Limitations

Ensure your application adheres to the specific features and limitations supported by the OIN.

4. Access Requirements for OIN Wizard

To use the OIN Wizard for submission, you must have either the Super Admin or the App and Org Admin roles assigned in your Okta Developer Edition organization.

Steps to Submit Your App to the Okta Integration Network

1. Create Your Integration: Start by building your integration using Okta’s Application Integration Wizard (AIW), Connector Builder, or API tools. You’ll need to ensure your app supports common protocols like SAML, OIDC, or SCIM.

2. Configure and Test with the OIN Wizard: Okta provides the OIN Wizard to test and validate both identity provider (IdP) and service provider (SP) flows. For SCIM integrations, the OIN Wizard offers a detailed test plan to verify user lifecycle functionality, covering onboarding, role changes, and deprovisioning.

3. Meet Security and UX Standards: Each integration undergoes a security review to ensure that endpoints are securely configured and that protocols like SAML include signed assertions. Okta also evaluates the UX of sign-in flows to guarantee a user-friendly experience across devices and browsers.

4. Submit for Approval: Once you’ve completed testing, submit your integration for review. Okta’s team will perform additional quality assurance (QA) checks, including a rigorous security review and usability evaluation, to confirm that your app meets OIN’s standards.

5. Approval and Listing in the Okta App Store: After passing all tests and reviews, your application will be listed in the Okta Integration Network (OIN), making it available to Okta’s global user base.

Why Submit to the OIN?

Listing in the OIN helps boost your app’s visibility and credibility with enterprises that rely on Okta to streamline identity management.

For developers and SaaS providers, getting listed in the OIN connects your app with a broad audience of enterprises looking for verified, easy-to-deploy identity solutions.

Example: Salesforce Integration with OIN

Let’s explore how an enterprise might use the Okta Integration Network (OIN) to manage Salesforce access for its sales team.

Initial Configuration

The admin selects Salesforce from the OIN catalog and manually configures SSO and SCIM provisioning options to align with organizational requirements. Okta guides the admin through the setup and offers suggested configuration options for common use cases.

How OIN Manages Users

Okta maps groups to appropriate Salesforce roles, automates user provisioning and deprovisioning via SCIM, and facilitates access control by managing user roles based on Okta group memberships.

The Result

When a new sales representative joins, they automatically receive access to Salesforce with appropriate permissions based on their Okta group assignments. When they leave, their Salesforce access is automatically revoked across all devices.

Supported Authentication Methods

SAML 2.0

The most common enterprise SSO protocol is deeply integrated into the OIN. Verified integrations must support SAML 2.0 with specific security requirements, including signed assertions and secure certificate handling.

OpenID Connect

For modern applications, OIN supports OIDC flows with built-in security best practices. The Okta Sign-In Widget provides a consistent authentication experience while supporting customization.

SCIM Provisioning

Automated user lifecycle management is a core requirement for OIN verification. Integrations must support the SCIM 2.0 protocol for user provisioning and de-provisioning.

Should you use the OIN?

The OIN makes sense for organizations that want to:

  • Rapidly deploy enterprise applications with consistent security
  • Automate user lifecycle management at scale
  • Ensure integrations follow security best practices
  • Reduce the overhead of maintaining custom integrations

However, organizations with highly specialized authentication requirements or those needing deep customization of identity flows might find the standardized approach limiting.

Similarly, if your organization requires integration patterns that don't align with OIN's verification requirements, you might need to explore alternative solutions or build custom integrations outside the network.

If you're looking for enterprise-grade identity features that are simpler to configure and already used by thousands of companies you recognize in production, try WorkOS today.

In this article
Link
Link
Link
We’re hiring

Our global team is growing and we’re hiring all types of roles.

View open roles
About us

WorkOS builds developer tools for quickly adding enterprise features to applications.

Learn more

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.