We are trying to connect Okta to an IdP; the integration is smooth and works fine.
Using Okta-hosted login page
Disabled auto account link (the user ID or 'sub' from the IdP cannot match any attribute of an Okta user)
Disabled JIT (all of the users are synced from AD; no user creation is expected)
To enable Okta users to link their IdP account, we have implemented a web app that offers the account link function, using the IdP link API "POST /api/v1/idps/{idpId}/users/{userId}".
So the user can link the IdP account by this flow: Okta login page → log in to Okta → select web app → click "link IdP" → log in to IdP → success
However, the login experience is not good enough: the user receives a '400 Error' when they try to log in to the IdP directly from the Okta login page.
Is it possible to implement a custom IdP login flow in the Okta login page?
The flow would be:
Okta login page → log in to IdP → (no Okta user matched) → log in to Okta by another login method → link IdP → go to the '/app/UserHome' page
Thanks!
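The link call the post describes, written out as an added example; this is not code from the original post or from Okta. It builds and sends POST /api/v1/idps/{idpId}/users/{userId} with an `externalId` body (the `sub` the IdP returned), which is the request shape of Okta's Link User to IdP endpoint. The org URL, SSWS token, IdP id, user id and `sub` values are constructed placeholders; the HTTP transport is injectable so the logic runs offline, and the real transport only exists so a practitioner can point it at an org. The call belongs on the server side of the web app (the Okta user id comes from the Okta session, the `sub` from the IdP response, the API token never reaches the browser), and a 400/404 from Okta is surfaced as `LinkError` rather than swallowed.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# Transport returns (HTTP status, body bytes). Injectable so the link logic
# can be exercised offline; the default really calls the Okta org.
Transport = Callable[[urllib.request.Request], Tuple[int, bytes]]


class LinkError(RuntimeError):
    """Okta rejected the link call; carries the HTTP status and errorSummary."""

    def __init__(self, status: int, summary: str) -> None:
        super().__init__(f"HTTP {status}: {summary}")
        self.status = status
        self.summary = summary


def build_link_request(org_url: str, api_token: str, idp_id: str,
                       user_id: str, external_id: str) -> urllib.request.Request:
    """Build POST /api/v1/idps/{idpId}/users/{userId} with {"externalId": sub}.

    external_id is the IdP subject ('sub'); idp_id/user_id are Okta ids.
    Both ids land in the URL path, so reject anything that is not a bare id.
    """
    if not external_id:
        raise ValueError("external_id (the IdP 'sub') must not be empty")
    for name, value in (("idp_id", idp_id), ("user_id", user_id)):
        if not value or any(ch in value for ch in "/?#"):
            raise ValueError(f"{name} must be a bare Okta id, got {value!r}")
    url = f"{org_url.rstrip('/')}/api/v1/idps/{idp_id}/users/{user_id}"
    body = json.dumps({"externalId": external_id}).encode()
    headers = {
        "Authorization": f"SSWS {api_token}",  # server-side API token only
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def urllib_transport(req: urllib.request.Request) -> Tuple[int, bytes]:
    """Real transport: return (status, body) for 2xx and 4xx/5xx alike."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.getcode(), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def make_fake_transport(status: int, payload: Dict) -> Transport:
    """Constructed offline transport that answers every request the same way."""
    def send(_req: urllib.request.Request) -> Tuple[int, bytes]:
        return status, json.dumps(payload).encode()
    return send


def link_idp_user(org_url: str, api_token: str, idp_id: str, user_id: str,
                  external_id: str, transport: Transport = urllib_transport) -> Dict:
    """Link an existing Okta user to the IdP identity; return Okta's link object.

    Okta answers 200 with {"externalId", "id", "created", "lastUpdated", "_links"}
    on success; error responses carry errorCode/errorSummary/errorCauses.
    """
    req = build_link_request(org_url, api_token, idp_id, user_id, external_id)
    status, body = transport(req)
    payload = json.loads(body or b"{}")
    if status != 200:
        raise LinkError(status, payload.get("errorSummary", "unknown error"))
    return payload


if __name__ == "__main__":
    # Constructed placeholders; replace with real values and drop `transport`
    # to hit an actual org.
    ORG, TOKEN, IDP, USER, SUB = ("https://example.okta.com", "00xxxx-api-token",
                                  "0oa1example", "00u1example", "121749-1")
    ok = make_fake_transport(200, {"externalId": SUB, "id": USER})
    print(link_idp_user(ORG, TOKEN, IDP, USER, SUB, transport=ok))
    bad = make_fake_transport(400, {"errorSummary": "Api validation failed"})
    try:
        link_idp_user(ORG, TOKEN, IDP, USER, SUB, transport=bad)
    except LinkError as err:
        print("link refused:", err)
```

Run it as-is to see the success and the refused-link path against the fake transport; the only change needed for a real org is real ids and a real SSWS token, with `transport` left at its default.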