[hnzix]

> OpenId Connect performs the login

Doesn't this presume that the third-party app supports OIDC? Which again makes it dependant on the vendors, not Okta.

[jf]

It presumes that the legacy app supports an SSO protocol like OIDC, SAML, or WS-Fed. Ideally the app will support one of those protocols directly, otherwise it’s possible to bolt on support for one of those protocols via a proxy.