I have a third party that has authenticated a user using their IdP (OIDC). How do I bridge to Okta OIDC and SAML apps? How do I exchange their access token for an access token/SAML assertion issued by my IdP?
User logs on to external IdP.
User exchanges access token from external IdP for a SAML/access token from Okta.
Your application typically will not login to an external OIDC IdP and get tokens.
Instead, when logging in to Okta, Okta will redirect to the external IdP, authentication takes place, and Okta then retrieves the tokens directly from the IdP. At this point Okta will create an Okta session for the user.
The scenario is: I have logged into a third-party app with an external IdP, say PING (issuer acme.com), which has given that app an access token (minted by PING). My app is looking for an access token (issuer bugs.com) from my IdP (Okta). Can I do a token exchange to avoid them having to reauthenticate? I trust tokens minted by PING (issuer acme.com).