I have 4 ASP.NET web apps sharing same domain with different sub domain. App 1 is in ASP.NET MVC (.NET framework 4.7) the remaining 3 apps are ASP dot NET Web Forms ( dot NET framework 4.5).
They all share a common user base from Login standpoint.
What is the recommended approach to use OKTA as SSO ? - user logs in once and can navigate between these apps without being challenged for login as long as the session is valid.
One app integration in OKTA with 4 callback URLs (since 3 apps share same set if users)? or
One app integration with one callback to app 1 and let other apps validate the session using OKTA API call silently? Note: 2nd is the preferred use case from as business wants to use app 1 as entry point with links to other apps.
@nate.barbettini
Any suggestions will be greatly appreciated considering security and easy of implementation.