Okta as IdP for Azure B2C

Hello,

My company uses Azure B2C to sign customers into our application.

One prospective customer we hope to obtain wants their users to be able to log in to our application using their Okta credentials.

  1. Is it possible to register all of Okta as an identity provider in case this option is useful to other customers down the line, or does each {company}.okta.com endpoint need to be registered individually?

  2. If we do need to register endpoints individually, is there a good way to hide the relevant company’s identity on the shared login page? A link that goes directly to well-known-company.okta.com would reveal to other customers that well-known-company is a customer of ours.

  3. Ideally, we want the users to already exist in our B2C tenant before they log in, so that we can have in-app privileges ready in advance. However, we probably will not know any of the customer’s Okta user IDs before they log in, so I can’t think of a way to preemptively assign Okta logins to the corresponding B2C identities. Is there a good way to prompt a user to connect an Okta account to an existing Azure B2C account? (Possibly involving a temporary password for B2C that’s removed after attaching the Okta account)

Thanks!

Since Okta is not a social identity provider, any service using Okta as an IdP will need to use instance-specific information (Okta URL/endpoints, Client ID, Client Secret) to integrate with Okta. There’s no way to just integrate with Okta as a whole.

As for your other questions, I can’t say I have good ideas for how to handle these scenarios so I’ll leave them for the community to help with.
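An added example to illustrate the point in the answer above (it is not code from the original post, from Okta, or from Azure B2C): each Okta org has its own issuer, discovery document and client registration, so the broker has to keep a per-tenant record and check that the ID token it receives really came from that tenant's org. The registry is keyed by email domain, which also keeps customer Okta URLs off the shared login page. Assumptions: the Okta org authorization server uses `https://{org}.okta.com` as its issuer, publishes discovery at `/.well-known/openid-configuration`, and exposes `/oauth2/v1/authorize` (in production read `authorization_endpoint` from the discovery document instead of hard-coding it); the tenant domains, client IDs, secrets and the token payload are constructed test data, and signature verification of the ID token is assumed to have happened before `check_claims` runs.

```python
import time
from dataclasses import dataclass
from urllib.parse import urlencode


@dataclass(frozen=True)
class OktaTenant:
    """One customer's Okta org. Every field is specific to that org."""
    okta_domain: str    # hypothetical, e.g. "acme.okta.com"
    client_id: str      # the client registered inside that org
    client_secret: str  # stays server-side; used at the token endpoint only

    @property
    def issuer(self) -> str:
        # Assumption: the org authorization server's issuer is the org URL.
        return f"https://{self.okta_domain}"

    @property
    def discovery_url(self) -> str:
        return f"{self.issuer}/.well-known/openid-configuration"


# Constructed registry keyed by email domain. The login page only asks for an
# email address, so no customer's okta.com hostname is ever shown to others.
TENANTS = {
    "acme.example":   OktaTenant("acme.okta.com",   "0oa-acme-client",   "acme-secret"),
    "globex.example": OktaTenant("globex.okta.com", "0oa-globex-client", "globex-secret"),
}


def tenant_for_email(email: str):
    """Home-realm discovery: choose the Okta org from the email domain."""
    if "@" not in email:
        return None
    return TENANTS.get(email.rsplit("@", 1)[1].strip().lower())


def authorize_url(tenant: OktaTenant, redirect_uri: str, state: str, nonce: str) -> str:
    """Build the authorization request for this tenant's org.
    The path is an assumption about the org authorization server; a real
    broker reads authorization_endpoint from tenant.discovery_url."""
    q = {
        "client_id": tenant.client_id,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": redirect_uri,
        "state": state,   # CSRF binding for the callback
        "nonce": nonce,   # replay binding for the ID token
    }
    return f"{tenant.issuer}/oauth2/v1/authorize?{urlencode(q)}"


def check_claims(tenant: OktaTenant, claims: dict, expected_nonce: str, now=None) -> list:
    """Return the reasons to reject a signature-verified ID token payload.
    An empty list means accept. Because iss and aud are bound to one org and
    one client, a token minted by a different customer's Okta org fails here
    even if it carries a valid signature from that org."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != tenant.issuer:
        problems.append(f"iss {claims.get('iss')!r} is not {tenant.issuer!r}")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if tenant.client_id not in auds:
        problems.append("aud does not include this tenant's client_id")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce mismatch (possible replay)")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if not claims.get("sub"):
        problems.append("missing sub")
    return problems


if __name__ == "__main__":
    acme = tenant_for_email("alice@acme.example")
    print(authorize_url(acme, "https://app.example/callback", "st-1", "nonce-1"))
    # Constructed payload, as it would look after signature verification.
    payload = {"iss": "https://acme.okta.com", "aud": "0oa-acme-client",
               "nonce": "nonce-1", "exp": int(time.time()) + 300, "sub": "00u-alice"}
    print("acme token:", check_claims(acme, payload, "nonce-1") or "accepted")
    print("globex token against acme tenant:",
          check_claims(acme, dict(payload, iss="https://globex.okta.com"), "nonce-1"))
```

The `sub` claim returned by a passing check is the stable per-org identifier you would store against the B2C account once the user has linked it; the point of the `iss` check is that the same `sub` value from two different Okta orgs must never be treated as the same person.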