I have a third party that has authenticated a user using their idp ( OIDC) how do I bridge to OKTA oidc and saml apps? How do I exchange their access token for an access token/saml assertion one issued by my iDP?

User logs on to external iDP
User exchanges access token from external iDP for a saml/access token from OKTA.


Your application typically will not login to an external OIDC IdP and get tokens.
Instead when logging into Okta, Okta will redirect to the external IdP, authentication takes place, and Okta then retrieves the tokens directly from the IdP. At this point Okta will create an Okta session for the user.

See here for setting up and external social IdP.

Thank You,

1 Like

The scenario is I have logged into a third party app with an external idp say PING (issuer acme.com) which has given that app a access token ( minted by PING), my app is looking for an access token (issuer bugs.com) from my Idp (OKTA), can I do a token exchange do avoid them having to reauthenticate. I trust tokens minted by PING (issuer acme.com).

Is PING added as an external IdP in Okta as well? Is the user configured in Okta to authenticate with the external IdP? If not, then I don’t think it’s possible to avoid the reauthenticaiton.

1 Like