Allow client users to sign in to my application using their client Okta account credentials

I am looking at a requirement where users from different orgs who act as agents to my application can log in to my app using the existing Okta account credentials (for their org).

In this case, I may not know the domain that this particular org has on Okta, so redirecting to a specific client org domain is not possible.

  1. Is there a way my application can redirect to a generic login page where the user can select his organisation and complete the login process?

  2. If this is possible, will Okta return the auth tokens/assertions to my app?

The only way for a user to be able to access an application within your Okta org is for them to be a member of that org and assigned to the application in question.

If feasible, you could look to create IdP connections between your org (where you would create the Identity Provider) and the external orgs (where you would need to create a SAML/OIDC app that you can use for the IdP integration).

Beyond that, I don’t see any other solution unless you want to create a Service App for each of your agents that they could then receive tokens (from your org) using Client Credentials grant (note that this is only possible in orgs with the API Access Management SKU).
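
Added example, not part of the original answer or Okta's own code: one way an app could implement the "select your organisation" step once an Identity Provider has been created in your org for each external org, by mapping the chosen org to its IdP and passing it in the `idp` parameter of the authorize request. The issuer URL, client id, redirect URI, IdP ids and function names are placeholders assumed for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder values, assumed for this example (not from the thread).
OKTA_ISSUER = "https://your-org.example.com/oauth2/default"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://app.example.com/callback"

# Hypothetical allow-list: org shown on the picker -> id of the Identity
# Provider created in your own Okta org for that external org.
ORG_TO_IDP = {
    "acme": "IDP_ID_ACME_PLACEHOLDER",
    "globex": "IDP_ID_GLOBEX_PLACEHOLDER",
}


def pkce_pair():
    """Return (code_verifier, S256 code_challenge) per RFC 7636."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_login_redirect(org_key):
    """Map the selected org to its IdP and return (authorize_url, pending)."""
    idp_id = ORG_TO_IDP.get(org_key.strip().lower())
    if idp_id is None:
        # Never pass a user-supplied IdP id or domain through unchecked.
        raise ValueError("unknown organisation")
    verifier, challenge = pkce_pair()
    # Store `pending` server-side; check state and nonce on the callback
    # and send code_verifier with the token request.
    pending = {"state": secrets.token_urlsafe(32),
               "nonce": secrets.token_urlsafe(32),
               "code_verifier": verifier}
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile",
        "redirect_uri": REDIRECT_URI,
        "idp": idp_id,  # routes the login to the external org's IdP
        "state": pending["state"],
        "nonce": pending["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{OKTA_ISSUER}/v1/authorize?{urlencode(params)}", pending
```

Because the sign-in is brokered through your own org, the authorization code and tokens delivered to the callback are issued by your org, not by the external one.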