Single Sign-On for Internal Apps
Okta is a powerful tool for single sign-on (SSO) that enables corporate users to easily access all their applications from a uniform, single access launch pad. End users like using Okta because they only need to remember and use a single password. IT administrators like deploying Okta because they can manage all of their apps in one place, reduce the time and effort spent supporting the organization, and offer a better user experience to their employees and third-party contractors. While many applications work seamlessly with Okta, there are several critical applications that do not, which means the organization is unable to get the full benefit of its Okta deployment. Applications from Oracle, SAP, Atlassian and Microsoft do not work with Okta. In addition, internally developed corporate applications for supply-chain, finance, manufacturing, dev-ops and collaboration may not be designed to work with Okta (a SAML-based identity provider).

There are typically a few ways to solve this problem, none of which is a good solution:

• Engage a systems integrator to build, or internally develop, a custom solution to make apps work with Okta
• Ask end users to sign in several times – once to Okta and then to the application
• Deploy a VPN, or put applications in the DMZ to make them accessible from outside the firewall
Akamai Enterprise Application Access
Enterprise Application Access provides a unique access service that bridges the single sign-on (SSO) gap between Okta and the many on-prem corporate applications that don’t support modern federation protocols such as SAML. This critical functionality enables IT to leverage the full utility of Okta, manage access to all resources centrally in Okta, and provide a frictionless, comprehensive SSO experience across the enterprise.
The Problem
Both end users and IT would prefer to leverage Okta as their launch pad for SaaS applications as well as corporate applications deployed in the data center or in a public cloud. So long as the application is designed to understand the Security Assertion Markup Language (SAML) protocol for authentication and authorization, apps can work with Okta. However, many applications continue to rely on one of the following options to implement SSO:

• Kerberos
• Custom HTTP headers (e.g. X-Forwarded-For-Remote-User)

To support these options, an in-path solution must convert the authentication/authorization information provided by Okta (by way of a SAML assertion) to a format the application will understand.
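The header variant of that conversion, as an added sketch that is not Akamai's or Okta's code: it reads the subject from a SAML assertion, checks expiry and audience, and sets the identity header for the application after discarding any copy of that header the client sent. The function names, the sample assertion and the audience URL are assumptions, and signature verification of the assertion is assumed to have happened before this code runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDENTITY_HEADER = "X-Forwarded-For-Remote-User"  # header name taken from the list above

# Constructed sample assertion (not real traffic). Assumption: its XML signature
# was already verified against the identity provider's certificate.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://wiki.example.internal</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def subject_from_assertion(xml_text, expected_audience, now):
    """Return the NameID if the assertion is unexpired and addressed to this app."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if cond is None or not name_id:
        raise ValueError("assertion lacks Conditions or NameID")
    expiry = datetime.strptime(cond.get("NotOnOrAfter", ""),  # whole-second UTC assumed
                               "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if now >= expiry:
        raise ValueError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion issued for a different audience")
    if "\r" in name_id or "\n" in name_id:
        raise ValueError("NameID contains line breaks, unsafe as a header value")
    return name_id

def upstream_headers(client_headers, user):
    """Drop any client-supplied identity header, then set the trusted one."""
    kept = {k: v for k, v in client_headers.items()
            if k.lower() != IDENTITY_HEADER.lower()}
    kept[IDENTITY_HEADER] = user
    return kept
```

The application trusts this header without further proof, so it should accept connections only from the in-path component that sets it.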

Companies have previously attempted to address the gap between Okta and applications from vendors such as Atlassian, SAP, Microsoft, Oracle and others by leveraging complex appliances that can provide a patchwork of bridging functionality. Not only have traditional solutions proven to be complex to deploy and manage, they also tend to be quite expensive. High initial and ongoing costs, along with massive complexity, have resulted in many companies previously choosing not to integrate their business-critical apps with Okta.
Enterprise Application Access Advantage: Simple, Secure and Cost-Effective
Enterprise Application Access delivers the critical functionality needed to seamlessly access on-prem applications and extend the Okta SSO scope to corporate applications delivered by vendors such as Atlassian, Microsoft, SAP and Oracle. By addressing this need in a secure and easy-to-consume model, Enterprise Application Access enables companies to extend the value delivered by Okta to all of their applications in an IT- and user-friendly model. Crucially, Enterprise Application Access extends the SSO scope to these applications completely transparently. Enterprise Application Access requires zero changes to the application(s) and does not require customers to deploy complex appliances in their network, resulting in low to zero ongoing operational costs.

Enterprise Application Access enables SSO for applications, giving Okta users:

• The full advantage of your Okta investment
• No more double entry of passwords for said applications
• Apps available from the Okta applications launchpad
• Elimination of support and end-user friction for applications that don’t integrate with Okta
• Access from any device, with no plugins or other software needed