Enforce Zero Trust Security Policies for Public Applications integrated with Okta

  • Last validated: Jul 18, 2023

This section describes how to enforce Cloud Secure Edge (CSE) zero-trust security policies for public (SaaS) applications integrated with Okta. If instead you want your end users to use Okta SSO to authenticate into CSE, see configuring your Okta IdP to manage your directory of users.

As described in the Securing Public Applications overview, CSE secures SaaS applications with two independent techniques. They are alternatives or complements — use either on its own, or both together:

  • IdP Federation — route Okta authentication through CSE so device trust is validated at sign-in, across all applications behind Okta. The strongest control.

  • IP Allowlisting — require traffic to egress through CSE (Service Tunnel) before Okta or the application grants access. Lighter, per-application, and also works for apps not federated with Okta.

Was this page helpful?