Hub and spoke model -> Authenticating spoke users in hub without user creation in hub

We have an application which is used by multiple clients. Now some of the clients use Okta to manage access to different applications for their users. They want to use Okta to sign in to my application. A user from the client org should be able to log in to my application using the credentials from the client's org.

This seems to me a case of the hub and spoke model (my org is the hub while the client org is the spoke). I used the Okta org2org application in the client org (source org) to create an integration with my org (target org). Now the client org can assign users to the org2org application, those users are created in my org (target org), and I can assign those created users to my application.

There are two problems:

  • A copy was created (in my org) of the user which was assigned to the org2org app in the client org. Can we avoid creating a copy of the user in my org (we want to avoid extra costs related to the number of users, since Okta charges by number of users)?
  • The user was later deactivated in the client's org, but the copy user in my org is still showing as active. How can I attach the client user to my copy user such that if the client deactivates the user, the copy in my org is also deactivated? This is to help manage the users.

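The second point above, propagating a deactivation from the spoke org to the hub copy, can be done outside org2org with an Okta Event Hook. The following is an added example, not code from the original post and not an Okta-provided component: a small WSGI receiver that the spoke (client) org calls for `user.lifecycle.deactivate` events; for each affected user it looks up the hub user by login and calls the hub's `lifecycle/deactivate` endpoint. The org URL, the SSWS API token, the shared secret the hook sends in its `Authorization` header, and the sample payload are all placeholders or constructed values, not anything from the post.

```python
"""Propagate spoke-org user deactivations to the hub org (added example).

Assumptions (placeholders, not values from the post):
  HUB_ORG_URL      - the hub (target) org, e.g. https://hub.example.okta.com
  HUB_API_TOKEN    - an SSWS API token for the hub org with user admin rights
  HOOK_SHARED_SECRET - the Authorization header value configured on the Event Hook
"""
import hmac
import json
import os
import urllib.parse
import urllib.request
from wsgiref.simple_server import make_server

HUB_ORG_URL = os.environ.get("HUB_ORG_URL", "https://hub.example.okta.com")  # placeholder
HUB_API_TOKEN = os.environ.get("HUB_API_TOKEN", "REPLACE_ME")               # placeholder
HOOK_SHARED_SECRET = os.environ.get("HOOK_SHARED_SECRET", "REPLACE_ME")     # placeholder
DEACTIVATE_EVENT = "user.lifecycle.deactivate"

# Constructed sample of what the spoke org delivers to the hook; two events,
# only one of which is a deactivation of a User target.
SAMPLE_PAYLOAD = {
    "eventType": "com.okta.event_hook",
    "data": {
        "events": [
            {"eventType": "user.session.start",
             "target": [{"id": "00uSPOKE1", "type": "User",
                         "alternateId": "bob@client.example"}]},
            {"eventType": DEACTIVATE_EVENT,
             "target": [{"id": "00uSPOKE2", "type": "User",
                         "alternateId": "alice@client.example"}]},
        ]
    },
}


def logins_to_deactivate(payload):
    """Return logins of users deactivated in the spoke, from an Event Hook payload.

    Okta wraps delivered events as {"data": {"events": [...]}}; each event lists
    the affected objects under "target", and for a User target "alternateId"
    is the login. The login is the only key shared with the hub copy, since the
    hub copy has its own user id.
    """
    logins = []
    for event in payload.get("data", {}).get("events", []):
        if event.get("eventType") != DEACTIVATE_EVENT:
            continue
        for target in event.get("target", []):
            if target.get("type") == "User" and target.get("alternateId"):
                logins.append(target["alternateId"])
    return logins


def hub_request(method, path, body=None):
    """Call the hub org's management API with the SSWS token."""
    req = urllib.request.Request(
        HUB_ORG_URL + path,
        data=json.dumps(body).encode() if body is not None else None,
        method=method,
        headers={"Authorization": "SSWS " + HUB_API_TOKEN,
                 "Accept": "application/json",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"{}")


def deactivate_in_hub(login, request=hub_request):
    """Deactivate the hub copy of `login`; `request` is injectable for testing.

    GET /api/v1/users/{login} accepts the login as the identifier, which gives
    us the hub-side id needed for the lifecycle call. Already-deprovisioned
    users are skipped so repeated deliveries of the same event are harmless.
    """
    user = request("GET", "/api/v1/users/" + urllib.parse.quote(login))
    if user.get("status") == "DEPROVISIONED":
        return "already-deactivated"
    request("POST", "/api/v1/users/%s/lifecycle/deactivate" % user["id"])
    return "deactivated"


def app(environ, start_response):
    """WSGI entry point: answer Okta's one-time verification, then handle events."""
    if environ["REQUEST_METHOD"] == "GET":
        # Okta verifies a new hook with a GET carrying this header and expects
        # the value echoed back as {"verification": ...}.
        challenge = environ.get("HTTP_X_OKTA_VERIFICATION_CHALLENGE", "")
        start_response("200 OK", [("Content-Type", "application/json")])
        return [json.dumps({"verification": challenge}).encode()]
    # Reject deliveries that do not carry the secret configured on the hook.
    if not hmac.compare_digest(environ.get("HTTP_AUTHORIZATION", ""), HOOK_SHARED_SECRET):
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"bad hook secret"]
    length = int(environ.get("CONTENT_LENGTH") or 0)
    payload = json.loads(environ["wsgi.input"].read(length) or b"{}")
    results = {login: deactivate_in_hub(login) for login in logins_to_deactivate(payload)}
    start_response("200 OK", [("Content-Type", "application/json")])
    return [json.dumps(results).encode()]


if __name__ == "__main__":
    make_server("", 8080, app).serve_forever()
```

Two things to check before relying on this: the receiver must be reachable over HTTPS from Okta, and a login in the spoke must not collide with a login of a native hub user, because the lookup is by login only and would deactivate whichever hub user owns it. This addresses only the deactivation question; it does nothing about the per-user cost of the copies themselves.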