Authentication without username/password

We have a business need where we want to get access / Id token for a user without using username/ password. We want to use SSN , DOB , PIN for authenticating user . The idea is, we want Okta to maintain the tokens instead of we building custom IAM app.

Not able to find any reference links/docs

I hope I understand your question correctly, you aren’t saying if this is a SPA, traditional web app, etc. Or how you want Okta to manage the session. If you use a secure application (server-side) with an access token you can do this to handle the login and have Okta put its session cookie in the browser:

  1. Present a login page to the user that asks for PIN and password (or DOB, etc.) I wouldn’t go with SSN or birthday by the way, they are both security risks for the user. And, make sure you use SSL with this form!
  2. Use the access token to call the API and find the user based on the field you are using, that will give you the username for login (which is always an email address).
  3. Use the API to login the user (you are the proxy) with the username you located and the password you read from them.
  4. The API will give you back a “session token”. Redirect the browser to Okta with the session token and the page the user needs to come back to on your application. That page has to be a URL registered for the application in the Okta application configuration. The user won’t see this happen, but the Okta session cookie for SSO will be set by Okta in the browser, so SSO will work for other applications in your Okta organization (tenant).

Look at the session API documentation: Sessions | Okta Developer.

we won’t be able to get password from user. Is there a way to get tokens without authorizing users with username and password

SSN will be last few digits

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.