Handling Multiple Environments & Configuration Access

My company is currently deciding on whether to use Okta. We have a developer preview account and I have been using that to build a prototype. I’m not sure if the enterprise version is different from the preview version so I had a few questions to help me plan ahead for if we decide to go with Okta.

My first question relates to how to structure the tenant to handle multiple environments. We have a Dev, Test, Staging and Production environment and each would obviously have different users. It seems that Okta offers a single tenant per user account, so I am thinking that I have to store my dev/test/staging/prod users all in this same tenant. If that is correct, is the proper way to handle different environments to create different groups and apps for each environment and then have each app have a default group that is associated with the proper environment group (in addition to the common Everyone Group)?

If the above is correct, I think that would also mean that each of my groups that are used in the actual application need to be environment specific (i.e Dev-Admin, Test-Admin, Prod-Admin, etc) because a single user account could belong to multiple environments. That seems to be incredibly cumbersome so it just seemed odd to me that this would be the way to go about it. Can you let me know if this is the right way to think about it?

The application we have currently has an Angular front end and a .NET Core API end. I am assuming that each of those would need their own app entry for each environment we have. So ultimately we would end up with 8 Applications (one for each end crossed with 1 for each environment). Is that correct or is there a different way I should be structuring things?

For automated testing, I was going to build a tester to test various aspects of the account workflow (register, login, forgot password, change password, etc). I didn’t see anything in the Okta dashboard that allows for fully deleting a user. That would obviously throw a big wrench in the testing process because then I would have to create a new login for each time I needed to test the registration process. Is there a way to fully delete a user account?

Lastly, I was using the Okta signin widget to handle the registration/login/forgot password process but we ran into a few issues that were really weird. Things like,

  1. users being asked a security question to reset their password eventhough they never created one
  2. users going through the forgot password process, whent they couldnt answer the question they never created, were sent to the sign up screen and then automatically redirected to the Okta dashboard upon creation of the account.
    Is the Okta-signin widget for Angular ready for production or are these somehow issues with my configuration? If they are issues with my configuration, can you help me find out what the issues are?

Thank you in advance for your responses.

Jacob

For first question, one tenant per environment is probably best then manage config with terraform: