In which scenario should an Okta administrator NOT use the OIDC sign-on method?

The OIDC (OpenID Connect) sign-on method is designed for user authentication and is well-suited for scenarios where applications need to authenticate users in a secure and standardized manner. However, it may not be the best choice in certain situations, particularly when the application does not support federation.

In a scenario where the application is unable to support federation, using OIDC could lead to complexities since it relies on a federated identity model to communicate and authenticate with the user. Federation typically involves sharing a user’s identity across multiple domains or systems, which is essential for OIDC functionality. If the application cannot handle this federated approach, OIDC would not be effective, and it would make more sense to use alternative sign-on methods such as SAML, which may be more compatible with non-federating applications or simpler authentication systems.

Thus, the key aspect here is that for applications lacking federated support, OIDC is not a viable option, making this scenario distinctly unsuitable for utilizing the OIDC sign-on method.