Question 16
In order for SAML to work, there is a need of an IDP and an SP and we know that already, but why is it so? Because:
Solution: An SP authorizes the users, while the IDP authenticates them
Question 17
When a user signs out of Okta, if they are using IWA, they'll be redirected to the Sign In page and without inputting credentials they'll be signed back in Solution: Statement is true, but then they'll be displayed a 403 HTTP code (Forbidden)
Question 18
When you are trying to federate (via WS-FED) Office 365 with Okta:
Solution: You can try to federate multiple Office 365 custom domains into a single Okta Office 365 app instance via SWA SSO protocol
Question 19
In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active Solution: It will always redirect to Okta and in this case only - will promt the user for re-authentication by manually entering SP credentials
Question 20
As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:
Solution: Restart AD Domain Controller and go into IIS and see if you have IWA references in there
