Home

Question about 3rd Party SSO passing through Tabs

%3CLINGO-SUB%20id%3D%22lingo-sub-328889%22%20slang%3D%22en-US%22%3EQuestion%20about%203rd%20Party%20SSO%20passing%20through%20Tabs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-328889%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20organization%20using%20Okta%20for%20SSO%20authentication.%26nbsp%3B%20We%20have%20to%20authenticate%20with%20Okta%20when%20we%20initially%20sign%20into%20the%20application.%20Why%20is%20it%20that%20any%20tabs%20that%20are%20added%20have%20to%20be%20re-authenticated%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20are%20also%20cases%20where%20some%20of%20our%20web%20applications%20(added%20in%20as%20a%20tab)%20need%20to%20be%20authenticated%20if%20they%20are%20not%20publicly%20shared.%20In%20the%20picture%20example%2C%20clicking%20on%20the%20tab%20to%20open%20the%20web%20application%2C%20requires%20us%20to%20authenticate%20with%20Okta.%26nbsp%3B%20Clicking%20on%20the%20button%20opens%20a%20new%20browser%20window%20to%20authenticate%20but%20ends%20up%20failing%20throws%20out%20an%20error.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F71576iD780D234B254249F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22OKTAGISandMSTeams.png%22%20title%3D%22OKTAGISandMSTeams.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-328889%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-329191%22%20slang%3D%22en-US%22%3ERe%3A%20Question%20about%203rd%20Party%20SSO%20passing%20through%20Tabs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-329191%22%20slang%3D%22en-US%22%3EVery%20interesting%20scenario...I%20simply%20think%20is%20not%20ready%20to%20handle%20it%2C%20but%20I%20would%20love%20to%20know%20the%20%22official%20word%22%20here...one%20solution%20could%20be%20to%20build%20a%20custom%20tab%20for%20any%20web%20application%20where%20authentication%20happens%20in%20a%20third%20party%20SSO...but%20I%20would%20like%20to%20know%20if%20there%20are%20any%20other%20options%20here%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-329113%22%20slang%3D%22en-US%22%3ERe%3A%20Question%20about%203rd%20Party%20SSO%20passing%20through%20Tabs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-329113%22%20slang%3D%22en-US%22%3EHmm.%20This%20is%20an%20interesting%20one.%3CBR%20%2F%3E%3CBR%20%2F%3EDoes%20the%20auth%20request%20happen%20in%20every%20single%20tab%20you%20create%3F%20What%20I%20mean%20here%20is%20does%20it%20happen%20with%20Stream%2C%20Forms%2C%20SharePoint%20-%20the%20default%20365%20apps%3F%20Some%20third%20party%20apps%20like%20Invision%20need%20credentials%20which%20aren%E2%80%99t%20the%20same%20as%20365%20and%20may%20explain%20why%20it%E2%80%99s%20prompting%20in%20cerain%20cases.%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20terms%20of%20your%20web%20apps%20I%20can%20find%20another%20example%20of%20this%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fcommunity.esri.com%2Fthread%2F212767-enterprise-login-through-microsoft-teams-web-tab-error%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcommunity.esri.com%2Fthread%2F212767-enterprise-login-through-microsoft-teams-web-tab-error%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20put%20me%20onto%20this%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.esri.com%2Fen%2Ftechnical-article%2F000012930%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.esri.com%2Fen%2Ftechnical-article%2F000012930%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20don%E2%80%99t%20think%20it%E2%80%99s%20the%20exact%20same%20issue%20but%20it%20points%20to%20issues%20between%20ESRI%20and%20Okta%20which%20may%20point%20in%20the%20right%20direction.%20Personally%20I%20would%20raise%20this%20with%20Okta%20as%20they%20may%20have%20come%20across%20the%20scenario%20previously.%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20this%20helps%20to%20answer%20your%20question.%20I%20will%20be%20very%20interested%20to%20hear%20the%20outcome.%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E
Seth Docherty
Occasional Contributor

My organization using Okta for SSO authentication.  We have to authenticate with Okta when we initially sign into the application. Why is it that any tabs that are added have to be re-authenticated?

 

There are also cases where some of our web applications (added in as a tab) need to be authenticated if they are not publicly shared. In the picture example, clicking on the tab to open the web application, requires us to authenticate with Okta.  Clicking on the button opens a new browser window to authenticate but ends up failing throws out an error.

 

OKTAGISandMSTeams.png

 

2 Replies
Hmm. This is an interesting one.

Does the auth request happen in every single tab you create? What I mean here is does it happen with Stream, Forms, SharePoint - the default 365 apps? Some third party apps like Invision need credentials which aren’t the same as 365 and may explain why it’s prompting in cerain cases.

In terms of your web apps I can find another example of this

https://community.esri.com/thread/212767-enterprise-login-through-microsoft-teams-web-tab-error

This put me onto this

https://support.esri.com/en/technical-article/000012930

I don’t think it’s the exact same issue but it points to issues between ESRI and Okta which may point in the right direction. Personally I would raise this with Okta as they may have come across the scenario previously.

Hope this helps to answer your question. I will be very interested to hear the outcome.

Best, Chris
Very interesting scenario...I simply think is not ready to handle it, but I would love to know the "official word" here...one solution could be to build a custom tab for any web application where authentication happens in a third party SSO...but I would like to know if there are any other options here
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
48 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies