Multiple Inbound Identity Providers in Widget

We are first implementing email/password only, but starting to think about “inbound federation”, where we’d want to allow players to use their Facebook accounts, and others, to log in. So I’ve been exploring Okta’s Identity Providers. Here is how I’m interpreting things, and you can tell me if I’m on the right track:

For a single IDP (lets say Facebook) we can set up multiple “Identity Providers” in Okta. For example, one for “App A” and one for “App B”

The normal way these are used, is by utilizing “Routing Rules” to say something like “if the user is accessing App A, then use Facebook-App-A IDP”

The default behavior of the Sign-In Widget, is that only one of the Identity Provider options (including Okta email/password) will be presented to the user at any time, based on the Routing Rules.

If we wanted to instead show something where the player can choose which inbound provider they want to use, from several options, then we’d need to do some custom work. It seems like one option is that the Widget html can be customized to include whatever we want? Or another option might be to host our own widget entirely? Are there examples of this we can learn from?

If you want to add custom buttons for each IdP, you’ll want to use either an Okta-hosted custom widget or self-host the widget with customizations.

You’ll want to look at the idps property in the GitHub doc