OpenID Connect (OIDC) Federation

  1. Do you have any plans to support OIDC federation? Ref:
    https://openid.net/specs/openid-connect-federation-1_0.html

  2. In AWS Cognito there is a concept of “federated identities” which makes it possible to configure trusts between OIDC Identity Providers (IdPs). So, say you have an OIDC token from an external IdP X. With Cognito Federated Identities, one can add IdP X as a trusted IdP, and thus trust tokens that have been issued by IdP X.

Does Okta support anything like this?

  3. If none of the above approaches is possible with Okta, this suggests that the only federation option for “custom IdP” authentication (e.g. non-Google, Facebook, etc.) is to use SAML 2 and configure Okta to be a SAML 2 Service Provider (SP). Is this the case?

  4. If 3 is correct, does this require us to have an “Okta Enterprise” subscription?

Edit: Looking at Auth0, they seem to have a lot more options for external Identity providers, such as Custom OAuth2.
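The trust relationship described in point 2 (a relying party accepting only tokens that were issued by a configured IdP X) reduces to a trust table keyed by issuer plus standard ID-token validation. The following Go program is an added example, not code from the original post, from AWS Cognito or from Okta; the issuer URLs, the client id and the claim values are constructed for the demo, and the IdP's public key is placed in the table directly where a real relying party would fetch it from the issuer's JWKS endpoint. It signs tokens as IdP X and as a rogue IdP Y, then shows that only the genuine IdP X token is accepted, while a validly signed token from the untrusted issuer, a forged token that claims iss = X, and an unsigned alg=none token are all rejected.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of ID-token claims checked here (aud as a plain string; OIDC also allows an array).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

// TrustedIssuer is one trust-table row: the client id expected in aud and the issuer's RS256 public key.
type TrustedIssuer struct {
	Audience string
	Key      *rsa.PublicKey // a real relying party fetches the key set from the issuer's JWKS endpoint
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignIDToken plays the IdP: it mints an RS256-signed ID token.
func SignIDToken(priv *rsa.PrivateKey, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c)
	input := b64url(hdr) + "." + b64url(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64url(sig), nil
}

// VerifyIDToken plays the relying party (what a Cognito identity pool or an Okta IdP entry does): accept
// only if iss is in the trust table, the signature verifies under that issuer's key, and aud/exp fit.
func VerifyIDToken(token string, trust map[string]TrustedIssuer, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdr, c := map[string]string{}, Claims{}
	rawHdr, e0 := base64.RawURLEncoding.DecodeString(parts[0])
	rawBody, e1 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, e2 := base64.RawURLEncoding.DecodeString(parts[2])
	if e0 != nil || e1 != nil || e2 != nil || json.Unmarshal(rawHdr, &hdr) != nil || json.Unmarshal(rawBody, &c) != nil {
		return nil, errors.New("undecodable token")
	}
	if hdr["alg"] != "RS256" { // pin the algorithm: the token must not downgrade the check to "none" or HMAC
		return nil, fmt.Errorf("alg %q not allowed", hdr["alg"])
	}
	issuer, ok := trust[c.Iss]
	if !ok {
		return nil, fmt.Errorf("issuer %q is not a trusted IdP", c.Iss)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(issuer.Key, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature does not verify under the trusted issuer's key")
	}
	if c.Aud != issuer.Audience || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, fmt.Errorf("aud %q is not this relying party, or the token has expired", c.Aud)
	}
	return &c, nil
}

// RunDemo builds a trust table holding only IdP X (hypothetical issuer URLs and client id) and returns
// each scenario's verification error; nil means the token was accepted.
func RunDemo() (map[string]error, error) {
	idpX, err := rsa.GenerateKey(rand.Reader, 2048)
	rogue, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil || err2 != nil {
		return nil, errors.New("key generation failed")
	}
	const issX, aud = "https://idp-x.example", "my-app-client-id"
	trust := map[string]TrustedIssuer{issX: {Audience: aud, Key: &idpX.PublicKey}}
	good := Claims{Iss: issX, Sub: "alice", Aud: aud, Exp: time.Now().Add(time.Hour).Unix()}
	fromY := Claims{Iss: "https://idp-y.example", Sub: "mallory", Aud: aud, Exp: good.Exp}
	t1, _ := SignIDToken(idpX, good)   // genuinely issued by the trusted IdP X
	t2, _ := SignIDToken(rogue, fromY) // well-formed and validly signed, but IdP Y is not trusted
	t3, _ := SignIDToken(rogue, good)  // claims iss = X but carries a rogue key's signature
	t4 := b64url([]byte(`{"alg":"none"}`)) + "." + strings.Split(t1, ".")[1] + "." // t1's payload, unsigned
	out := map[string]error{}
	for name, tok := range map[string]string{"trusted": t1, "untrusted issuer": t2, "forged": t3, "alg none": t4} {
		_, out[name] = VerifyIDToken(tok, trust, time.Now())
	}
	return out, nil
}

func main() { fmt.Println(RunDemo()) }
```

Whatever product sits in the relying-party role (a Cognito identity pool, an Okta IdP entry, or your own code), the configuration it needs from you is exactly the row in the trust table: the issuer URL, the audience it should expect, and where the issuer's keys come from. The alg pin and the issuer lookup happen before the signature check so that neither an unsigned token nor a token signed by a key the table does not know can get as far as being "valid".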

I believe the IdP brokering feature now addresses this?

https://help.okta.com/en/prod/Content/Topics/Security/Identity_Provider_Discovery.htm