We have created an OpenID Connect app that uses Okta for SSO, but I’m confused about something. It seems to only be allowing Okta users from our org to sign in. We would like to allow any user with an Okta account to sign in, without having to make a prior arrangement with their org. Our app seems to be in Federation Broker Mode, which seems like it should allow this, but it is not working (when we try to log in with an account from another Okta org, we get a generic “unable to sign in” from Okta). The URL we are redirecting to is tied to our organization - could that be the problem? What else might be wrong here? It should be possible to have it work this way, correct?
What you are seeing is expected. Okta does not function as a Social Identity Provider like Google or Facebook; only users within your own Okta org can be assigned to or access any applications within that org.
I don’t understand how we’re supposed to implement “login with Okta” functionality for our customers who use Okta. Can you explain how this flow is supposed to work?