How can I check whether a user exists using ClientId and ClientSecret?

I am using a .NET web application where I want to implement SSO for our customer, which already has an Okta account with users loaded into it.
I want to check that the user exists on the customer side in Okta before adding/creating that user in my database.

What is the best way to do it? I am trying this using a free developer account in which I have created an OIDC application, and I have a client ID and client secret.

Do I need to create an API Services application as well?

Hi Eddy, the client_id and client_secret will be needed to kick off the OIDC SSO flow (i.e. redirect the user to sign in via an IdP); for example, see Enterprise-Ready Workshop: Authenticate with OpenID Connect | Okta Developer.

To check if the user already exists within Okta, yes, you will need to get the list of all users using our APIs and authenticate with an API token instead—see Users API for more info.

Hi Sigama, API tokens expire every month if not used, so we don’t want to go down that path.

I see, then yes you will need to create a service app as well and access your APIs via OAuth for Okta.

1 Like
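
The service-app route from the reply above, sketched in C# as an added example (not code from the thread or from Okta): it requests an `okta.users.read` token with the client credentials grant, authenticating with a signed JWT, then looks the user up by login. The org URL and client ID are placeholders, and it assumes the service app has a single registered RSA public key, has been granted `okta.users.read`, and does not require DPoP.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
// Added example; OrgUrl and ClientId are placeholders, not values from the thread.
static class OktaUserCheck {
    const string OrgUrl = "https://example.okta.com";
    const string ClientId = "SERVICE_APP_CLIENT_ID";
    static readonly HttpClient Http = new HttpClient();
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Signed JWT sent as client_assertion (private_key_jwt client authentication).
    static string BuildAssertion(RSA key, string tokenUrl) {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string claims = B64Url(JsonSerializer.SerializeToUtf8Bytes(new Dictionary<string, object> {
            ["iss"] = ClientId, ["sub"] = ClientId, ["aud"] = tokenUrl,
            ["iat"] = now, ["exp"] = now + 300, ["jti"] = Guid.NewGuid().ToString() }));
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(header + "." + claims),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return header + "." + claims + "." + B64Url(sig);
    }
    // Client credentials grant, limited to the read-only users scope.
    static async Task<string> GetTokenAsync(RSA key) {
        string tokenUrl = OrgUrl + "/oauth2/v1/token";
        var form = new FormUrlEncodedContent(new Dictionary<string, string> {
            ["grant_type"] = "client_credentials", ["scope"] = "okta.users.read",
            ["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            ["client_assertion"] = BuildAssertion(key, tokenUrl) });
        using var resp = await Http.PostAsync(tokenUrl, form);
        resp.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("access_token").GetString();
    }
    // True if the login exists in the org; 404 means no such user, other errors throw.
    public static async Task<bool> UserExistsAsync(string login, RSA key) {
        var req = new HttpRequestMessage(HttpMethod.Get,
            OrgUrl + "/api/v1/users/" + Uri.EscapeDataString(login));
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await GetTokenAsync(key));
        using var resp = await Http.SendAsync(req);
        if (resp.StatusCode == HttpStatusCode.NotFound) return false;
        return resp.EnsureSuccessStatusCode().IsSuccessStatusCode;
    }
}
```

Load the private key with `RSA.Create()` and `ImportFromPem`, then await `OktaUserCheck.UserExistsAsync(login, key)`. Any response other than 200 or 404 throws, so an authorization failure is never mistaken for a missing user.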

Hi Eddy, another option as @ram.gandhi has mentioned here is SCIM. Here Okta can send existing user info to your app, that way new users (with companies using Okta as an IdP) can log in with SSO immediately. Ram has written a blog on this. If you decide you want to make this available to multiple customers, you can submit your SSO and SCIM integration to our Okta Integration Network. If you have any questions about submitting to the OIN you can join us at our integrators office hours.