Authenticate against multiple Okta directories for a mulit-tenanted SaaS product

Phalanx14 · March 4, 2022, 2:28pm

Hi,

I’m doing some work for a customer who has a SaaS product. It’s a single deployment ASP.Net website where tenants are separated on the database layer.

One of their customers already use Okta SSO and would like us to integrate sign on for them so that they can sign in through okta, no problem there, I’ve had a look at the sample apps and this should be easy for us to implement.

However we would like to be able to offer okta sign on to more than just this single tenant, therefore there would be multiple okta domains.

At the point of login we do not know which tenant the user belongs to.

Does any one have any thoughts about how we might best do this, could we perhaps create a single domain for our app to connect to and federate to multiple different Okta domains?

Thanks in advance

jkeller · March 9, 2022, 9:41pm

Were you able to find anything for this? I’m having a similar challenge.

bradbeighton · March 28, 2022, 11:25am

Hi @Phalanx14. Did you get an answer for this? I am looking to solve the same problem but as far as I can see this isn’t possible.

Thanks

Phalanx14 · March 28, 2022, 12:48pm

HI @bradbeighton ,

Not really but I found this page here…
https://help.okta.com/en/prod/Content/Topics/Provisioning/org2org/org2org-supported-features.htm

Which kinda of indicates that the way to do it is to have you own Okta domain and then integrate the other okta as spoke nodes…

more info here…
https://help.okta.com/en/prod/Content/Topics/Provisioning/org2org/org2org-integrate.htm

Hope that helps you