> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta_OrgSWA

> Secure Web Authentication from an Okta application to an external organization

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [Okta\_Application](/opengraph/extensions/okta/nodes/okta_application)
* Destination: [GH\_Organization](/opengraph/extensions/github/nodes/gh_organization), [jamf\_SSOIntegration](/opengraph/extensions/jamf/nodes/jamf_ssointegration), [OP\_Account](https://github.com/SpecterOps/1PassHound), [SNOW\_Account](https://github.com/SpecterOps/SnowHound)
* Traversable: ❌

## General Information

The non-traversable Okta\_OrgSWA edges represent the Secure Web Authentication (SWA) relationships between Okta applications and supported external organizations or tenants. SWA stores user credentials in Okta and automatically fills them in when users access the application, which is less secure than federated SSO protocols.

```mermaid theme={null}
graph LR
  subgraph okta["OktaHound"]
    direction TB
    o("Okta_Organization contoso.okta.com")
    app1("Okta_Application Jamf Pro SWA")
    o -- Okta_Contains --> app1
  end
  subgraph "Jamf"
    direction TB
    jamf("jamf_SSOIntegration contoso.jamfcloud.com-SSO")
    app1 -. Okta_OrgSWA .-> jamf
  end
```

The respective BloodHound collectors, e.g., OpenHound Github for GitHub organizations and OpenHound Jamf for Jamf Pro tenants, must be used to gather the external node information.