Is there a way to have multiple Okta sign-in widgets (hosted, not the default ones), such that a user trying to access a protected backend Service Provider (application) would get redirected to an application-specific sign-in widget? The use case is that I want one user (user Bob) to be able to sign into two different applications (appX and appY) using SSO, with both applications protected by the same Okta organization. But when Bob goes to appY he would see a differently branded sign-in widget than he would see if he went to appX. If he logs into either appX or appY first, he would then have a token and pass through to the other application using normal SSO, without seeing the other sign-in widget screen.
It looks like this page might describe how this could be done: Okta Help Center (Lightning). But I'm not sure if that would be an organization-level setting, or if you could set that differently for different apps.
Hello,
The instructions you linked to would work for a SWA application. What type of applications are these, OIDC?
If these are OIDC apps, say SPAs, then each could host its own version of the widget. When a user tries to access either application, the code could check if the user already has a session; if so, don't show the widget, otherwise render it. How you go about checking for an existing session will depend on whether browsers support third-party cookies.
> Okta sign-in widgets (hosted, not the default ones),
Not sure if you mean a customized Okta-hosted widget, which you can do if you have a Custom Domain URL set up, or if you mean a self-hosted widget on your own infrastructure? If it is your own self-hosted widget, you could use the method described above.
If you have a Custom Domain URL for your Okta Org, you can modify the Okta-hosted widget. Each Org only has one hosted login widget. However, you can modify its styling based on how it is accessed; one of those ways could be checking for a client_id in an /authorize URL. So it would be possible to present two different-looking widgets for an Okta-hosted login with a Custom Domain URL.
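The client_id check suggested in the reply above, sketched as an added example (not code from the thread or from Okta). The client IDs, theme names, asset paths and host are constructed placeholders, and how the hosted page obtains the /authorize URL is left out. Because client_id arrives in a URL the user controls, it is only used as a key into a fixed allowlist and never written into markup or CSS.

```javascript
// Constructed placeholders: replace with the real client IDs of appX and appY.
const THEMES = new Map([
  ["0oaEXAMPLEappX", { name: "appX", cssClass: "theme-appx", logo: "/img/appx.svg" }],
  ["0oaEXAMPLEappY", { name: "appY", cssClass: "theme-appy", logo: "/img/appy.svg" }],
]);
const DEFAULT_THEME = { name: "default", cssClass: "theme-default", logo: "/img/org.svg" };

// Return the branding theme for an /authorize request URL.
// Anything unexpected (bad URL, other endpoint, missing, repeated or
// unknown client_id) falls back to the organization-wide default theme.
function themeForAuthorizeUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return DEFAULT_THEME;
  }
  if (!url.pathname.endsWith("/authorize")) return DEFAULT_THEME;

  const ids = url.searchParams.getAll("client_id");
  if (ids.length !== 1) return DEFAULT_THEME; // ambiguous input: do not guess

  // Lookup only: the raw parameter value is never reflected into the page.
  return THEMES.get(ids[0]) ?? DEFAULT_THEME;
}

// Apply a theme to the widget container using only values from THEMES.
function applyTheme(container, theme) {
  container.classList.add(theme.cssClass);
  return theme.logo;
}

// In a browser this would be called with the sign-in page's request URL, e.g.:
// applyTheme(document.body, themeForAuthorizeUrl(authorizeUrl));
```

The theme is cosmetic only; which application Bob is actually signing into is still decided by the authorization server, not by the styling.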