I am trying to prototype the following scenario for a new application and would be grateful for a little help getting started:
We want to use Okta for user management. We’d like to use the User API to create new user accounts initially without a password. When an account is created we’d like the user to receive an email asking them to confirm their account, which would take them to Okta where they would set their password. After that we’d like them to be forwarded to, or at least requested to click a link to our web app. Ideally Okta would redirect them and pass in an access token via a callback page so they would be logged in immediately and can start using our single page web app.
We would prefer that users manage their account on Okta, but we need to ensure every user has an assigned role and an optional array of OrgIDs - these would be in the default access token claim and be verified by our web app. The user must not be able to see or change their role name or Org IDs.
Does the above sound plausible or am I completely off track? If so, what steps do I need to perform on Okta to make our application user management work this way?
Thanks in advance!
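The token check the post asks the web app to perform (a required role plus an optional array of org IDs carried in the access token), sketched as an added example that is not part of the original post and not Okta's own code. The claim names `role` and `orgIds`, the role names, the issuer and audience values, and the locally generated key pair standing in for the authorization server's signing key are all assumptions.

```javascript
// Added example. Constructed values: key pair, issuer, audience, role names.
// The claim names "role" and "orgIds" are assumptions, not taken from Okta.
const crypto = require("crypto");

const ISSUER = "https://issuer.example";            // constructed placeholder
const AUDIENCE = "api://example-app";               // constructed placeholder
const ALLOWED_ROLES = new Set(["admin", "member"]); // hypothetical role names
// Local key pair standing in for the authorization server's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const b64url = (s) => Buffer.from(s).toString("base64url");
const decode = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Test helper: issue an RS256-signed token the way the authorization server would.
function signToken(claims, key = privateKey) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), key).toString("base64url")}`;
}

// Verify the signature and standard claims first, then the authorization claims.
function authorize(token, key = publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  // Pin the algorithm; never let the token header choose it.
  if (decode(head).alg !== "RS256") throw new Error("unexpected alg");
  const valid = crypto.verify("RSA-SHA256", Buffer.from(`${head}.${body}`), key,
    Buffer.from(sig, "base64url"));
  if (!valid) throw new Error("bad signature");
  const c = decode(body);
  if (c.iss !== ISSUER || c.aud !== AUDIENCE) throw new Error("wrong issuer or audience");
  if (typeof c.exp !== "number" || c.exp <= now) throw new Error("token expired");
  // Every user must carry a known role; a missing claim is a rejection, not a default.
  if (!ALLOWED_ROLES.has(c.role)) throw new Error("missing or unknown role");
  // orgIds is optional, but when present it must be an array of strings.
  const orgIds = c.orgIds === undefined ? [] : c.orgIds;
  if (!Array.isArray(orgIds) || !orgIds.every((o) => typeof o === "string")) {
    throw new Error("invalid orgIds");
  }
  return { sub: c.sub, role: c.role, orgIds };
}
```

In a deployment the verification key comes from the issuer's published signing keys rather than a local key pair, and the check runs wherever the protected data is served, not only in the browser.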