|
|
|
|
|
|
by deathanatos
751 days ago
|
|
|
You and I can separate out SSO-the-feature from authz features, but it's all one product offering from Okta. A normal end-user is not making those distinctions. > If Okta is conflating things on their end Okta need not conflate anything; a layperson is going to see "Okta is our SSO system" → "Okta provides these things", and there you are. But groups muddy the water even further. Your SSO system is making authz decisions. If someone (reasonably, and correctly) asks, "can I have permission to use $app?", … and that app assignment is then made in Okta, there you are. Okta is far from the only such SSO to have such features, but it's also ridiculously widely used. (I don't know that I like that Okta hands app assignment to administrators, and not users, but such is the case. But things like group or role claims — essentially whatever passes for a modern day directory — that's authz, more or less, since the groups directly dictate.) |
|
|