Which sign-on method should an Okta administrator use for a web application that does not support federation?

In scenarios where a web application does not support federation, the Sign-On Method known as Secure Web Authentication (SWA) is the most appropriate choice. SWA is a method specifically designed to enable single sign-on capabilities for applications that lack built-in support for more sophisticated authentication protocols like SAML or OIDC.

With SWA, the Okta administrator can configure Okta to simulate a login to the target web application by capturing and securely managing the username and password credentials. When end-users attempt to access the application, Okta will automatically enter the credentials to log them in seamlessly. This approach is particularly beneficial for legacy applications where integration options may be limited.

In contrast, OIDC (OpenID Connect) and SAML (Security Assertion Markup Language) are modern federation protocols that rely on the application being able to communicate with an identity provider like Okta to authenticate users. Since the question specifies a lack of federation support in the application, using OIDC or SAML would not be viable options.

An API Token serves a different purpose and is typically used for authenticating programmatic interactions with an API rather than providing user access to web applications. Therefore, in cases where federated authentication is not available, SWA serves as the best solution to ensure