Please let me describe the situation.
We have a web application, and a new potential customer wants to use SSO with their on-premises AD to start using our app.
The customer already has an Okta organization into which this AD is integrated.
Which would be the correct approach to implement SSO?
As far as I can see there are two ways:
1. The customer adds an Okta application to their Okta organization to process requests from our web application (we provide the callback URL and the necessary attributes to them; they provide us with the Sign-On URL and the certificate for this Okta app).
2. We create our own Okta organization and add their Okta app (SAML or OpenID) as an External IdP.
Any suggestions, or did I miss something?
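In option 1 the customer's Okta org is the identity provider and your application is the SAML service provider: the Sign-On URL they give you is where you redirect users, the certificate is the key Okta signs assertions with, and the callback URL you give them is the Assertion Consumer Service endpoint the signed response is posted to. Whatever SAML library you use, the service-provider side has to pin that certificate and check the response's Destination, Issuer, Audience, InResponseTo and validity window; otherwise a response minted for some other application, or signed with a certificate merely embedded in the message, would be accepted. The following is an added example illustrating those checks, not code from the original post or from Okta. Every URL, entity ID, request ID and the certificate bytes are constructed placeholders, and the cryptographic XML-signature verification is deliberately left to a SAML library (python3-saml, for instance); this code only decides whether the response is addressed to you and signed with the pinned certificate.

```python
"""Service-provider checks on an inbound SAML Response (added example; all
identifiers below are constructed placeholders, not real Okta values)."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Hypothetical DER bytes of the certificate the customer handed over out of band.
PINNED_IDP_CERT_DER = b"constructed-placeholder-idp-certificate"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, used to pin the IdP signer."""
    return hashlib.sha256(der).hexdigest()


# What we agreed with the customer when exchanging callback URL and Okta app details.
SP_CONFIG = {
    "acs_url": "https://app.example.com/saml/callback",      # our callback URL
    "sp_entity_id": "https://app.example.com/saml/metadata",  # our audience value
    "idp_issuer": "http://www.okta.com/exkPLACEHOLDER",       # their Okta app issuer
    "idp_cert_sha256": cert_fingerprint(PINNED_IDP_CERT_DER),
}


def _text(elem, path):
    node = elem.find(path, NS)
    return node.text.strip() if node is not None and node.text else None


def _parse_utc(ts: str) -> datetime:
    """SAML timestamps are UTC ('...Z'); fractional seconds are ignored here."""
    if not ts.endswith("Z"):
        raise ValueError(f"non-UTC SAML timestamp: {ts}")
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def validate_saml_response(xml_text: str, config: dict, request_id: str, now: datetime) -> list:
    """Return a list of failures (empty means every check passed). The XML
    signature itself is NOT verified here; a SAML library must do that with
    the pinned certificate before the response is trusted."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["root element is not samlp:Response"]
    if root.get("Destination") != config["acs_url"]:
        problems.append("Destination is not our callback URL")
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the AuthnRequest we issued")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if _text(root, "saml:Issuer") != config["idp_issuer"]:
        problems.append("Response Issuer is not the customer's Okta app")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext Assertion (encrypted assertions must be decrypted first)")
        return problems
    if _text(assertion, "saml:Issuer") != config["idp_issuer"]:
        problems.append("Assertion Issuer is not the customer's Okta app")
    # Okta signs the assertion and/or the response; the embedded certificate is
    # only informational and must equal the one received out of band.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        sig = root.find("ds:Signature", NS)
    if sig is None:
        problems.append("neither Response nor Assertion carries a Signature")
    else:
        cert_b64 = _text(sig, "ds:KeyInfo/ds:X509Data/ds:X509Certificate")
        der = base64.b64decode(cert_b64) if cert_b64 else b""
        if cert_fingerprint(der) != config["idp_cert_sha256"]:
            problems.append("signing certificate is not the pinned customer certificate")
    conds = assertion.find("saml:Conditions", NS)
    if conds is None:
        problems.append("Assertion has no Conditions")
    else:
        nb, noa = conds.get("NotBefore"), conds.get("NotOnOrAfter")
        if nb and now < _parse_utc(nb):
            problems.append("assertion not yet valid")
        if noa and now >= _parse_utc(noa):
            problems.append("assertion expired")
        if _text(conds, "saml:AudienceRestriction/saml:Audience") != config["sp_entity_id"]:
            problems.append("Audience is not our SP entity ID")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != config["acs_url"]:
        problems.append("SubjectConfirmationData Recipient is not our callback URL")
    else:
        if scd.get("InResponseTo") != request_id:
            problems.append("SubjectConfirmationData InResponseTo mismatch")
        if scd.get("NotOnOrAfter") and now >= _parse_utc(scd.get("NotOnOrAfter")):
            problems.append("bearer confirmation expired")
    return problems


# Constructed sample response, as Okta would POST it to the callback URL.
CERT_B64 = base64.b64encode(PINNED_IDP_CERT_DER).decode()
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_resp1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z"
    Destination="https://app.example.com/saml/callback" InResponseTo="_req42">
  <saml:Issuer>http://www.okta.com/exkPLACEHOLDER</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>http://www.okta.com/exkPLACEHOLDER</saml:Issuer>
    <ds:Signature><ds:SignedInfo/><ds:SignatureValue>c2ln</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@customer.example</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://app.example.com/saml/callback"
            InResponseTo="_req42" NotOnOrAfter="2024-05-01T10:05:00Z"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:55:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://app.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
# Same response but carrying a different embedded certificate (constructed).
FOREIGN_CERT_RESPONSE = SAMPLE_RESPONSE.replace(CERT_B64, base64.b64encode(b"some-other-cert").decode())
SAMPLE_NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
LATER = SAMPLE_NOW + timedelta(minutes=10)

if __name__ == "__main__":
    print(validate_saml_response(SAMPLE_RESPONSE, SP_CONFIG, "_req42", SAMPLE_NOW))
    print(validate_saml_response(FOREIGN_CERT_RESPONSE, SP_CONFIG, "_req42", SAMPLE_NOW))
```

Run as-is it prints an empty list for the well-formed sample and a single pinning failure for the response whose embedded certificate differs from the one the customer supplied. Option 2 moves these checks into your own Okta org (Okta validates the customer's IdP for you), but your application then has to perform the equivalent checks on the tokens your own org issues to it.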