Ah, I understand. You need to add Okta SSO to an app that doesn’t support a standard SSO protocol. (I assume QV doesn’t support SAML?) Are your users internal employees of your company?
I want to make sure I understand this part:
Do you mean SSO to other Okta-enabled applications? In other words, keep the user signed into Okta so they can access their Okta dashboard, other Okta apps, etc. Is that right?
There are two ways you can achieve this:
- Do it all through your Authenticate.aspx page, by using the Authentication API to verify the user’s login and password. You will need to write HTTP code to talk to the Authentication API yourself (we’re working on an SDK). After you receive a response containing the user’s
id, you could then use our .NET SDK to query the user’s groups. Note that this approach does not start an SSO session for the user, so they will not be logged into Okta or other apps. - Build a small app with our ASP.NET middleware instead that redirects to the Okta-hosted login page and then back to the app with an ID token. The ID token will contain the user’s info, and you can customize it to include groups as well. Then pass that info to the QV SDK and redirect to QV. The user will have an Okta SSO session in their browser.
Let me know if that makes sense!