Is OIDC an appropriate sign-on method for a web application that doesn't support federation in Okta?

OpenID Connect (OIDC) is indeed a federation-based sign-on method designed to enable application authentication using identity providers like Okta. It operates as an identity layer on top of the OAuth 2.0 protocol, allowing users to authenticate and providing additional user identity information.

If a web application does not support federation, it means that the application does not have the capability to participate in federated identity management protocols and cannot delegate the user authentication process to an identity provider such as Okta. In this context, OIDC cannot be utilized effectively because it fundamentally relies on having an identity provider that can authenticate and manage user sessions. Therefore, using OIDC would not be feasible since the web application would not be able to process the federated authentication.

The appropriate sign-on methods for applications unable to support federation are typically simpler, traditional authentication mechanisms such as username and password, rather than relying on federation-based standards like OIDC.