Authenticate against multiple Okta directories for a mulit-tenanted SaaS product

Questions
1

Hi,

I’m doing some work for a customer who has a SaaS product. It’s a single deployment ASP.Net website where tenants are separated on the database layer.

One of their customers already use Okta SSO and would like us to integrate sign on for them so that they can sign in through okta, no problem there, I’ve had a look at the sample apps and this should be easy for us to implement.

However we would like to be able to offer okta sign on to more than just this single tenant, therefore there would be multiple okta domains.

At the point of login we do not know which tenant the user belongs to.

Does any one have any thoughts about how we might best do this, could we perhaps create a single domain for our app to connect to and federate to multiple different Okta domains?

Thanks in advance

1 Like
2

Were you able to find anything for this? I’m having a similar challenge.

3

Hi @Phalanx14. Did you get an answer for this? I am looking to solve the same problem but as far as I can see this isn’t possible.

Thanks

4

HI @bradbeighton ,

Not really but I found this page here…
https://help.okta.com/en/prod/Content/Topics/Provisioning/org2org/org2org-supported-features.htm

Which kinda of indicates that the way to do it is to have you own Okta domain and then integrate the other okta as spoke nodes…

more info here…
https://help.okta.com/en/prod/Content/Topics/Provisioning/org2org/org2org-integrate.htm

Hope that helps you