Business Use case -
The user should have a unified login experience as he navigates from one Okta property to another. That is, if the user is already authenticated in one of the applications and navigates to another application (which is a public website that can be accessed both as an anonymous user and as an authenticated user), then the user will be SSO logged in if he has an active Okta session.
Details :
IDP - Okta
Applications behind Okta -
Application1 (completely restricted). This application uses Okta SAML for authentication. It has the login functionality and hosts the login page.
Application to be put behind Okta -
Application2. This application is a public website. We want to bring Application2 behind the same Okta IDP.
The entire website can be browsed by the user either as an anonymous user or as a logged-in user.
Use Case :
User comes to Application1
User logs in to Application1
User gets authenticated to Application1
User navigates to Application2
If the user's Okta session is active, then the user will be routed to Okta for Single Sign On and, after seamless authentication, land on the website as a logged-in user.
If the user's Okta session is not active, then the user will not be routed to Okta for Single Sign On and will land on the website as an anonymous user.
With the above business use case in place, I have two questions -
Once the user is authenticated by Okta, how can the Okta session state be transmitted between applications, so that an application can just look for that session state and, if the session is active, route the request to Okta for single sign on?
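Added example (editor's code, not from the original post or from Okta): Application2 cannot read the Okta session cookie, because that cookie is set on the Okta org domain rather than on the application's own domain, so "looking for the session state" has to be done by asking Okta. The standard OpenID Connect way is a silent authorization request with `prompt=none`: if an Okta session is active, Okta redirects back with an authorization code and Application2 completes login; if not, Okta redirects back with `error=login_required` and Application2 serves the page anonymously. The code below builds that request (authorization code flow with PKCE) and classifies the callback. The issuer, client id and redirect URI are placeholder values, and the same pattern works for any OIDC provider, not only Okta.

```python
"""Silent SSO check for a public website behind Okta (editor's example).

Application2 cannot see Okta's session cookie (it lives on the Okta org
domain), so it asks Okta with an OIDC authorization request carrying
prompt=none.  An active session yields an authorization code; no session
yields error=login_required, which the site treats as "continue anonymously".
ISSUER, CLIENT_ID and REDIRECT_URI are placeholders, not values from the post.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://example.okta.com/oauth2/default"      # placeholder
CLIENT_ID = "0oaEXAMPLEclientid"                        # placeholder
REDIRECT_URI = "https://app2.example.com/sso/callback"  # placeholder

# Errors that mean "no usable Okta session without user interaction".
NO_SESSION_ERRORS = ("login_required", "interaction_required", "consent_required")


def pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636, S256 method."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_silent_auth_url(state, nonce, code_challenge, issuer=ISSUER,
                          client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Authorization URL that checks for an Okta session without showing a login page.

    `state` must be stored in Application2's own session so the callback can be
    bound to the browser that started the check; `nonce` is later compared
    against the ID token.
    """
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "prompt": "none",                   # never prompt; fail fast if no session
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{issuer}/v1/authorize?{urlencode(params)}"


def classify_callback(callback_url, expected_state):
    """Interpret Okta's redirect back to REDIRECT_URI.

    Returns ("logged_in", code) when a session existed and a code was issued,
    ("anonymous", None) when Okta reported no session, or ("error", reason).
    The state check comes first: a mismatch means the response does not belong
    to this browser session and must not be used, whatever else it contains.
    """
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        return ("error", "state mismatch")
    if "code" in q:
        return ("logged_in", q["code"][0])
    err = q.get("error", [None])[0]
    if err in NO_SESSION_ERRORS:
        return ("anonymous", None)
    return ("error", err or "unknown")


if __name__ == "__main__":
    # Constructed walk-through: start the check, then handle two possible replies.
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = pkce_pair()
    print(build_silent_auth_url(state, nonce, challenge))
    print(classify_callback(f"{REDIRECT_URI}?code=abc123&state={state}", state))
    print(classify_callback(f"{REDIRECT_URI}?error=login_required&state={state}", state))
```

Two practical notes. The `("logged_in", code)` branch still has to exchange the code at the token endpoint (sending the stored `code_verifier`) and verify the ID token's signature, issuer, audience and `nonce` before creating an Application2 session. And because the check costs a full redirect round trip, do it once per browser session (for example, set a short-lived "sso-checked" cookie after the first anonymous result) rather than on every page view, otherwise anonymous visitors are bounced through Okta on each request.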