Hi
We are planning to implement Okta for single sign-on. We have a .NET-based web application using MVC, currently authenticating via AD. Since our users are stored in Active Directory and we would be verifying against AD, could you let us know how we can implement Okta? What options do we have, and do you have any .NET examples to get started?
Regards
I put together a very bare-bones .NET app with two projects (an API project to act as a service endpoint and a client-facing web app to act as the consumer of the API service).
It covers SSO using OIDC and Okta’s API Access Management. You could eliminate the API Access Management part and just change the URLs to point to the default Okta Auth Server endpoints. Hooking Okta up with AD is pretty easy and uses Delegated Auth so your users can authenticate with their AD credentials. This is just a brief, general high level, so could you describe your use cases in a bit more detail and possibly the project goal? This will help in pointing you in the right direction.
Thanks for your reply, Shawn.
We have a number of web applications where we are using forms authentication to authenticate the users. We have the users matched up against Active Directory. We were thinking of moving towards single sign-on so that users don't have to log in every time to our applications, and then somebody shared information about Okta with us. So I wanted to know how easy it is to utilize Okta to make our applications SSO. What all is needed to get started, and how can we integrate our existing AD with Okta? I will look at the code sample you shared.
So basically we are using MVC/.NET as our technology.
Also, I got your demo projects, but I am not sure how to get all the key values. I just have the client ID and client secret. Could you also let me know how I can get the below?
In OktademoApiserver web.config:
"okta:Org" value="MyOktaOrg.okta.com"
"okta:ApiKey" value="Okta API Key"
"okta:OAuthIssuerId" value="Okta Authorization Server Id"
"okta:OAuthClientId" value="OAuth Client Id"
"okta:OAuthSecret" value="OAuth Client Secret"
I just have okta:Org, okta:OAuthClientId and okta:OAuthSecret
In the OKtaDemoCustomerWebsite you have:
"apiBaseUri" value="https://MyAPIUrl"
"okta:OAuthRedirectUri" value="https://MyRedirectUrlBase"
"okta:OAuthIssuerId" value="Okta Authorization Server Id"
"okta:Org" value="MyOktaOrg.okta.com"
"okta:OAuthClientId" value="OAuth Client Id"
"okta:OAuthSecret" value="OAuth Client Secret"
Again, I just have okta:Org, okta:OAuthClientId and okta:OAuthSecret.
Where can I get the other values like apiBaseUri, okta:OAuthRedirectUri, OAuthIssuerId, ApiKey?
Thanks
Can we expect a reply for this? Is there any better way/forum/email to have our queries answered?
I have got one example from GitHub which shows how to implement OAuth with ASP.NET MVC, Okta and the Microsoft OpenID Connect OWIN middleware. Could you let us know if this would work for our case?
Switching your application from Forms authentication to OpenID Connect will probably require some major refactoring. Two questions for you:
- Are you using any OWIN middleware in your current applications?
- When you say SSO, do you mean that users have a single account that can log into multiple applications? Or that you want a dashboard with buttons to log into different services (like IdP-initiated SAML)?
Try the instructions from this sample, they are a little more detailed: https://github.com/oktadeveloper/okta-oauth-aspnet-codeflow/
Thanks Nate for your reply.
No, we are not using OWIN. We are just using AD as the membership provider.
Currently what we have is that the user uses his/her AD credentials to log in to our application. So by SSO what I meant was, when the user types in our URL and hits enter, instead of having them manually type in their username and password, we use Okta to check and authenticate the user and redirect to our application home page. We don't need any dashboard for now.
I looked at the Okta JS example at https://developer.okta.com/code/javascript/okta_sign-in_widget.html
Do you think it will resolve our purpose? This is simple and works fine, and I was able to authenticate fine, but it's just that the redirection to my home page doesn't work and it gives me a 403 access forbidden error.
Hi Karen,
Sorry for the delay; for some reason my email was blocking messages from here. It requires a bit of info, so what I will do is, in a subsequent post, post some steps to take to answer some of your questions.
Hi Nate,
I want to switch from Azure Active Directory to Okta single sign-on via SAML. Could you please provide me the steps on how to proceed?
My application is in MVC .NET 4.5, and I have used OAuth. Do I need to replace OAuth with SAML?
Hi @Prachi_Kalal, please post a new topic with your question, and include some more info so we can understand what you are building:
- Who will log in - internal users/employees, or external users?
- What does the application do (at a high level)? How does it need to interact with Okta?