I am looking to build a SAAS application using Okta as the Service Provider, but one of the requirements is that the end users would be authenticated through an external IDP.
By using Okta, must all users being passed through the application exist with a master profile, or can we do a passthrough authentication from the IDP?
You can have an external IdP configured in Okta, which will do authentication for you if you configure routing rules. The rest you can try to figure on your own, as I’m not exactly sure about all the details of your architecture.