How to use Okta for our use case?

We have an architecture with a few thousand customers who use our own identity server to authenticate.

As part of the project, we got a request to authenticate our logged-in customers' access to one of the third-party web sites; they support SAML Okta authentication. In other words, the desired result is: when a customer logs in to our identity server, they are also authenticated to this third-party site (

Questions are:
What Okta flow would you recommend for us?

One example: is this possible? The customer is logged in against our identity server, we create a user for him on Okta, create his credentials and store them in the DB. Any time in the future he logs in, he is also logged in to Okta. If it is possible, where should I start?

Is it possible to log a customer in to Okta using a refresh token that we have stored?

Any other idea is most welcome.