As a SaaS business, different companies log in to our app.
We already have a login/signup page offering local login (email/password) and a Connect with Microsoft button implementing OIDC (see attached schema).
We would like to add Okta as some of our customers actually request it.
We do not understand how to add a «Connect with Okta» button on our login page that would lead the user to the proper Okta login page. While building the authorization URL, as an ISV we should address a generic Okta provider URL which will do the IdP discovery for the customer, right?
Do you provide documentation about this?
Here are the steps as I understand them so far, assuming we have our App in the OIN:
1 - The customer adds the App for his organization in Okta
2 - The customer grants access to the App for the desired set of Users/Groups
3 - An end user arrives on our webapp, landing on the login page
4 - Clicks on ‘Connect with Okta’
5 - The user is presented with a login page from Okta (auth + consent process)
6 - The Authenticated User is redirected to our platform (after account creation/retrieval on our backend and session opening)
Where we are stuck so far is at points 4 to 5, where the /authorize URL is built: what tenant shall be requested? What is the complete URL?
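An added example, not part of the original post and not Okta's own code: a generic OIDC sketch of steps 4 to 5 that builds the authorization request with `state`, `nonce` and PKCE. It assumes the backend has recorded an issuer URL for each customer and leaves open how the app learns which customer the user belongs to; `CUSTOMER_ISSUERS`, `DISCOVERY_DOCS`, `build_authorize_request` and all URLs are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample data (assumption): issuer URL recorded per customer at onboarding.
CUSTOMER_ISSUERS = {"acme": "https://idp.acme.example"}

# Constructed stand-in for GET {issuer}/.well-known/openid-configuration,
# embedded so the example runs offline.
DISCOVERY_DOCS = {
    "https://idp.acme.example": {
        "issuer": "https://idp.acme.example",
        "authorization_endpoint": "https://idp.acme.example/authorize",
    }
}


def build_authorize_request(customer_id, client_id, redirect_uri):
    """Return (authorize_url, session_values) for one customer's identity provider."""
    issuer = CUSTOMER_ISSUERS.get(customer_id)
    if issuer is None:
        raise LookupError("no identity provider registered for this customer")
    meta = DISCOVERY_DOCS[issuer]
    endpoint = meta["authorization_endpoint"]
    # OIDC Discovery: the issuer in the metadata must match the one requested.
    if meta["issuer"] != issuer or urlsplit(endpoint).scheme != "https":
        raise ValueError("discovery metadata rejected")
    state = secrets.token_urlsafe(32)      # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)      # must come back inside the ID token
    verifier = secrets.token_urlsafe(64)   # PKCE secret, kept server-side
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    # Stored in the user's session and checked again when the callback arrives.
    session = {"issuer": issuer, "state": state, "nonce": nonce, "code_verifier": verifier}
    return endpoint + "?" + urlencode(params), session
```

On the callback in step 6, the returned `state` is compared with the stored one, and the ID token's `iss` and `nonce` are compared with the stored `issuer` and `nonce` before any account is created or retrieved.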