In my organization, we are using Okta as our OAuth provider. We have a few applications that are used by external clients with their own SSO.
We are using Azure APIM as the API gateway to expose and protect the organization's APIs. We validate the Okta JWT token on each API request.
As clients have their own SSO, we are having a hard time authenticating client users. Can Okta integrate with the client's IdP and create its own JWT token?
What will happen when a user leaves the client organization? Does Okta remove the user from its store? Can anyone explain this?
Should I follow the approach mentioned in this article? /docs/concepts/identity-providers/#how-okta-connects-to-external-identity-providers
Yes, Okta can integrate with external identity providers (IDPs) to authenticate users and generate its own JWT tokens. This is done through federation, allowing Okta to validate the client’s IDP assertions and issue its JWT tokens. When a user leaves the client’s organization, Okta won’t automatically remove them, but you can use SCIM for synchronization to reflect user deactivations. Following the approach in the article on integrating external IDPs with Okta is recommended for handling SSO across organizations. This setup will streamline authentication and maintain security within your API ecosystem.
Hello,
Yes, Okta can integrate with a client’s Identity Provider (IDP) using federation protocols like SAML or OIDC. When a client user authenticates through their IDP, Okta generates its own JWT token for API access. If a user leaves the client organization, the client’s IDP should update Okta, deactivating the user. This integration allows Okta to manage authentication and user status, ensuring secure and seamless access control for your applications.
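Both answers rest on the same point: once Okta federates with the client's IdP, the gateway only ever sees Okta-issued JWTs, so the validation it performs per request does not change. The following is an added example, not code from this thread, from Okta, or from Azure APIM, showing the checks a gateway (or a backend behind APIM) must make on each token. It uses only the Go standard library; the issuer URL, audience, key id and the constructed JWKS are made-up stand-ins for what Okta would publish at its jwks_uri, and the signing routine exists only to build test input.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK is the subset of an RFC 7517 RSA key entry that an RS256 verifier needs.
type JWK struct{ Kty, Kid, N, E string }

// Claims is the subset of access-token claims the gateway checks.
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signRS256 mints a token the way the issuer would; used here only to build inputs.
func signRS256(priv *rsa.PrivateKey, kid string, c Claims) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c)
	input := b64(hdr) + "." + b64(body)
	sum := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, sum[:])
	return input + "." + b64(sig)
}

// Verify does what the gateway must do on every request: alg allow-list, key lookup
// by kid in the JWKS it trusts, signature check, then iss, aud and exp.
func Verify(token string, jwks []JWK, issuer, audience string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("rejected: malformed token")
	}
	// Bad base64 decodes to nil, which then fails the JSON or signature checks below.
	dec := func(s string) []byte { b, _ := base64.RawURLEncoding.DecodeString(s); return b }
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	// The token does not get to choose the algorithm: anything but RS256 is refused.
	if json.Unmarshal(dec(parts[0]), &hdr) != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("rejected: alg %q not allowed", hdr.Alg)
	}
	var pub *rsa.PublicKey // chosen by kid, only from keys obtained from the issuer
	for _, k := range jwks {
		if k.Kid == hdr.Kid && k.Kty == "RSA" {
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(dec(k.N)), E: int(new(big.Int).SetBytes(dec(k.E)).Int64())}
		}
	}
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], dec(parts[2])) != nil {
		return nil, fmt.Errorf("rejected: unknown kid %q or bad signature", hdr.Kid)
	}
	var c Claims
	switch {
	case json.Unmarshal(dec(parts[1]), &c) != nil || c.Iss != issuer:
		return nil, fmt.Errorf("rejected: issuer %q", c.Iss)
	case c.Aud != audience:
		return nil, fmt.Errorf("rejected: audience %q", c.Aud)
	case c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)):
		return nil, fmt.Errorf("rejected: expired")
	}
	return &c, nil
}

// Demo mints one valid token plus four attacker-style variants and reports which ones
// Verify accepts. Issuer, audience and kid are made-up values; the JWKS is built inline.
func Demo() map[string]bool {
	const issuer, audience = "https://example.okta.com/oauth2/default", "api://default"
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	rogue, _ := rsa.GenerateKey(rand.Reader, 2048) // a key the issuer never published
	jwks := []JWK{{Kty: "RSA", Kid: "key-1", N: b64(priv.N.Bytes()), E: b64(big.NewInt(int64(priv.E)).Bytes())}}
	now := time.Unix(1700000000, 0)
	claims := Claims{Iss: issuer, Aud: audience, Exp: now.Add(time.Hour).Unix()}
	good := signRS256(priv, "key-1", claims)
	noAlg := b64([]byte(`{"alg":"none","kid":"key-1"}`)) + "." + strings.Split(good, ".")[1] + "."
	accepted := func(tok string, at time.Time) bool {
		_, err := Verify(tok, jwks, issuer, audience, at)
		return err == nil
	}
	return map[string]bool{
		"valid":            accepted(good, now),
		"expired":          accepted(good, now.Add(2*time.Hour)),
		"wrong_audience":   accepted(signRS256(priv, "key-1", Claims{Iss: issuer, Aud: "api://other", Exp: claims.Exp}), now),
		"forged_signature": accepted(signRS256(rogue, "key-1", claims), now), // attacker reuses our kid
		"alg_none":         accepted(noAlg, now),
	}
}

func main() { fmt.Println(Demo()) }
```

Only the "valid" entry comes back true. The exp check is also the part that matters for the deprovisioning question: an Okta access token is self-contained, so deactivating the user (whether through SCIM or by hand) stops new tokens from being issued but does not invalidate ones already handed out. Those keep working at the gateway until they expire, so keep access-token lifetimes short, or have the gateway call the issuer's introspection endpoint when a shorter revocation window is required.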