We plan to migrate the users as and when they try to sign in into our system. For that we will use Okta widget to the route auth traffic to Okta directly and use password import hook to migration users in realtime (Just in time migration). But we plan to move the users to Okta in phases.
I had some specific question in my mind:
- Do we require the user to be created in Okta before actually moving traffic to Okta and doing Just in time migration?
- Is there a way to programmatically create new user in Okta when they try to login via Okta widget?
- What happens if a user tries to login via okta widget, its traffics comes to Okta and user is not created in Okta yet?
- Does okta have a backup flow to send traffic to our onprem backend services for authentication in case the user is currently not being created in Okta?
- Does Okta redirect the traffic via hooks or something?
- Does the direct access to Okta work with such flow or do we need create a skim application between Okta and the usere to manage users who are not migrated to Okta?