Can Okta as IdP authenticate user without organization?

Hi there, does Okta support authenticating a user identity that is not limited to a specific organization? In other words, we just want to verify whether a user (email) is registered on Okta. The user (email) might belong to any organization.


Hi @Mike2, is your requirement to check whether a username (in email address format) is already registered in an Okta organisation?

If so, you can build something to call the Okta users API and do a search. There are a few options based on what data you have.

Okta doesn’t force all users to have the same email address suffix for one particular organisation.

@adoble, thanks for the reference.
The Okta users API supports the query for the user only within a particular organization. However, it does NOT support the query for other organizations.
Anyway, I’ll do a further investigation.

Correct, there’s no way to search globally across all Okta orgs. Is that what you’re trying to do?

If it’s a few orgs you control, you could try that API on each one.
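An added example, not part of the original thread, of the per-org lookup suggested above: it queries the Okta Users API search endpoint on each org you control and reports the account status per org. The function names, org URLs and tokens are hypothetical placeholders constructed for illustration.

```python
import json
import urllib.parse
import urllib.request


def build_search_url(org_url, login):
    # Refuse characters that could break out of the quoted filter value.
    if '"' in login or "\\" in login:
        raise ValueError("login contains characters not allowed in a filter value")
    if not org_url.startswith("https://"):
        raise ValueError("org URL must use https so the API token is not sent in clear")
    query = urllib.parse.urlencode(
        {"search": f'profile.login eq "{login}"', "limit": "1"},
        quote_via=urllib.parse.quote,
    )
    return f"{org_url.rstrip('/')}/api/v1/users?{query}"


def http_get(url, token):
    # Okta API tokens are sent with the SSWS authorization scheme.
    req = urllib.request.Request(
        url, headers={"Authorization": f"SSWS {token}", "Accept": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def find_login(orgs, login, fetch=http_get):
    """orgs maps org base URL -> API token. Returns {org_url: status or None}."""
    results = {}
    for org_url, token in orgs.items():
        users = fetch(build_search_url(org_url, login), token)
        # Re-check the login locally instead of trusting the server-side match.
        hit = next(
            (u for u in users
             if u.get("profile", {}).get("login", "").lower() == login.lower()),
            None,
        )
        results[org_url] = hit["status"] if hit else None
    return results


if __name__ == "__main__":
    # Constructed placeholders: replace with orgs and tokens you control.
    ORGS = {"https://org-a.example.com": "TOKEN_A", "https://org-b.example.com": "TOKEN_B"}
    print(find_login(ORGS, "mike@example.com"))
```

Each API token inherits the permissions of the admin who created it, so create the tokens from an account with a read-only admin role.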

If I understand correctly, like Microsoft has tenants, there is also an identity a user can use for social logins without being part of any specific organization's Microsoft tenant?

If so, no, Okta does not have an integration where a user could use their Okta account; only individual Okta tenants can act as an IdP for their associated accounts.

Hi @erik, there sure is. You’d onboard all the other social identity providers you’d like to offer Users. Here’s a link. All the usual ones are there like Google, Facebook, etc.

If their personal email isn’t associated with an IdP, they can still use that to register their username - they don’t need some kind of company-issued domain suffix in their username.