I’m testing okta SSO products for my company. And I got some questions for you.
We are developing a Web application , let’s say it is called “WA”, for a company “C”. and The company “C” are currently using okta SSO. So we’d like “WA” to be okta compatible application.
After some research and following your online examples, which are using openid connect protocol, I come up with a big picture about how to integrate.
The company “C” ‘s security manager need to create an application in their dashboard, and they need to integrate their Active Directory with okta, and they will assign groups of people from their Active Directory to “WA”, and all we need to give them are the url of “WA”. Then that’s done.
But my manager come to me, no no no, to integrate with Company C’s AD, we need to create a saml compatible web application. And it’s our job to integrate “WA” with their IDP, we create an application in okta’s application pool, and Company C’s admin will need to tell us address of their IDP, and we need to exchange some kind of certification….
I’m totally confused, can you tell me whether my understanding is correct or not?