Okta API Authorization with Windows Active Directory fallback

I’m attempting to set up authorization in a new .NET Core 3.1 API using Okta. Using the quick start, it looks pretty simple:
services.AddAuthentication(options =>
{
    options.DefaultChallengeScheme = OktaDefaults.ApiAuthenticationScheme;
    etc etc.

But I have some legacy apps that will not be authenticating against Okta. For those I would like to fall back to Active Directory groups for authorization. Is this possible using the code above? It looks like that code is setting the one default to rule them all. I'm not sure how I would tackle an either/or approach.

Wait, would it just be something like this…
services.AddAuthentication(IISDefaults.AuthenticationScheme) // Windows
    .AddOktaWebApi(new OktaWebApiOptions() // Okta
    {
        OktaDomain = "https://[mydomain].okta.com",
    });

For the record, this did work, for anyone wanting to do something similar.
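
The registration above only sets up authentication. The sketch below is an added example, not part of the original post: it pairs that registration with an authorization policy that accepts either a validated Okta token or membership in an AD group. The policy name and the group `EXAMPLE\LegacyApiClients` are placeholders assumed for illustration.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.DependencyInjection;
using Okta.AspNetCore;

public class Startup
{
    // Assumed names for illustration; replace with your own policy name and AD group.
    public const string EitherPolicy = "OktaOrAdGroup";
    private const string LegacyAdGroup = @"EXAMPLE\LegacyApiClients";

    public void ConfigureServices(IServiceCollection services)
    {
        // Same registration as in the post: Windows is the default scheme, Okta bearer is added.
        services.AddAuthentication(IISDefaults.AuthenticationScheme)
            .AddOktaWebApi(new OktaWebApiOptions { OktaDomain = "https://[mydomain].okta.com" });

        services.AddAuthorization(options => options.AddPolicy(EitherPolicy, policy => policy
            // Run both handlers; the identities from every scheme that succeeds are merged.
            .AddAuthenticationSchemes(IISDefaults.AuthenticationScheme, OktaDefaults.ApiAuthenticationScheme)
            .RequireAssertion(ctx => IsAllowed(ctx.User))));
        services.AddControllers();
    }

    // A Windows caller must be in the AD group. Any other authenticated identity can only
    // have come from the Okta bearer handler, so its token has already been validated.
    private static bool IsAllowed(ClaimsPrincipal user)
    {
        foreach (var id in user.Identities.Where(i => i.IsAuthenticated))
        {
            if (!(id is WindowsIdentity win)) return true;
            // Check the group on the WindowsIdentity itself: the merged principal is a plain
            // ClaimsPrincipal, and its IsInRole does not resolve Windows group names.
            if (new WindowsPrincipal(win).IsInRole(LegacyAdGroup)) return true;
        }
        return false;
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

Apply it with `[Authorize(Policy = Startup.EitherPolicy)]` on the controllers or actions that both kinds of caller use. When hosted in IIS, Windows and Anonymous authentication both need to be enabled so that token-only callers reach the application.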