Hi, currently I’m tasked with the following requirements:
- Create a mobile app that the user logs into Okta with.
- The user stays permanently logged into Okta (not just a client application, ALL of our org’s Okta), for as long as possible, until they choose to log out.
- The user can visit any Okta app that’s assigned to them via in-app browser.
I have the following ideas for how to do this:
- The app saves the user’s username/password into secure storage, and uses it to authenticate against Okta every time their session has expired. I don’t like the idea of handling passwords like this. Also, we want to not require MFA if logging in using biometrics like this.
- We set the Okta session policy to last 7 days at idle, and then refresh the Okta session when they open the app. The security people aren’t going to like sessions lasting that long.
Am I missing a better way to do this? Which approach would you go for? I am aware that there is already an Okta mobile app that pretty much does this, but we (management) want our own custom solution.
Thanks for reading!