Basic question from naive user

Hi, folks. I hope you’ll help me with a very basic question.

When users from a company try to access a resource on our site, they are redirected to our Okta identity provider. In other words, a company with whom we do not have a federated identity comes to us (the Service Provider) and the requests get redirected to Okta (the Identity Provider).

I can’t figure out why. Is there anything on the requester’s side (the client) which could cause this? Or must the (mis-)configuration be on our side?

I hope this question makes sense. Please indulge me! 🙂

Hi @rmullis

There are multiple reasons why this would occur:

  • the customer configured federated authentication with Okta
  • the customer created a permission for certain pages to be accessible only with an Okta authentication (this can be in the form of JavaScript/HTML/back-end language verification if your application supports it)
  • there is a misconfiguration deployed to production which prompts users to be logged in to Okta

Do you have the path that the users are accessing when being redirected to Okta? This can help in narrowing down what the users are accessing on Okta’s end.

Hi, @dragos. Thank you for your helpful reply. I hope to get some time with the IT group for the customer, and I’ll seek answers to the questions you raise.

I do have the path that is redirecting the users to Okta. I will analyze that with the info I get.

This SAML Tracer Extension to Firefox might be helpful:

Thank you again, and I’ll let you know what I learn.