Authenticate with email + custom field?

We are wondering If we can leverage the authentication just using a custom attribute via API.
For example:

  • User inputs customer number + date of birth (for example)
  • User is redirected to our custom “authentication” API and uses the find user by custom field to find the combination
  • If user found and valid, we create an authn session on their behalf via the custom api (we won’t know their password)
  • We generate the OIDC tokens and return it to the initial screen.

I’m specially curious about the 3rd step If that can be accomplished through Okta’s API’s.
Maybe primary authentication with trusted app?

Just to mention we will have control over the initial screen, all under same IP range, etc. And we are trying to achieve a faster login experience in a Point of Sale involving a few thousand workers login in and out…
Any suggestions welcome.

Thanks in advance!

I don’t believe Okta allows impersonation of any kind. So you can’t create a session for a user w/o them doing login with username and password (or other methods, like WNA, PIV, external IDP…)