I could not find any clear documentation on how OIN integrations actually work as far as technical details…
I noticed that some apps use separate sub-domains for their SAML URL (ACS), for example:
https://xxx.zoom.com/saml/SSO, where the sub-domain would be different for each tenant.
The configuration UI requires you to specify the sub-domain (xxx).
Some other apps use a fixed URL, for example: https://www.abacus.com/login/saml/assertion
I assume the end-point would use Issuer from the SAML assertion to determine the tenant.
In this case there are practically zero properties that must be specified for the integration.
I assume it should be possible to set up a URL-based tenant, or perhaps include the IssuerID in the URL,
along the lines of: https://www.sp.com/saml/Issuer/XXX
Also the web UI on OKTA for configuring specific app properties can be somewhat different for each integration. How does that work when publishing a new integration?
Do we need to publish some kind of template for the UI?
It would be hard to imagine that OKTA employees would be hard-coding the UI for each integration.
Where can I find more information on these technical aspects of OIN and what is actually involved when creating a new integration?
I’ve gone through the OKTA docs I found, but they don’t really go into these technical details (Configuration UI, ACS patterns, what is actually stored in OIN, etc.)
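
The ACS patterns described in the post (tenant in the sub-domain or URL path, versus a fixed URL keyed on the assertion's Issuer), seen from the service provider's side. This is an added example, not part of the original post and not Okta's or any vendor's code; the domain `sp.example`, the `/saml/<tenant>/acs` path, the tenant table and the issuer values are constructed assumptions, and signature verification is out of scope.

```python
import xml.etree.ElementTree as ET  # stdlib parser for brevity; the input is untrusted
from urllib.parse import urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE_DOMAIN = "sp.example"  # hypothetical SP domain
# Constructed tenant registry: tenant id -> IdP issuer configured for that tenant.
TENANTS = {"acme": "http://www.okta.com/exkACME", "globex": "http://www.okta.com/exkGLOBEX"}
ISSUER_TO_TENANT = {issuer: tenant for tenant, issuer in TENANTS.items()}

def sample_response(issuer):  # constructed, unsigned SAML response
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'<saml:Issuer>{issuer}</saml:Issuer></samlp:Response>')

def issuer_of(response_xml):
    """Return the first saml:Issuer of a not-yet-verified SAML response."""
    node = ET.fromstring(response_xml).find(".//saml:Issuer", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("response has no Issuer")
    return node.text.strip()

def tenant_from_url(acs_url):
    """Tenant from '<tenant>.sp.example' or '/saml/<tenant>/acs'; None for a fixed URL."""
    parts = urlsplit(acs_url)
    host = (parts.hostname or "").lower()
    if host.endswith("." + BASE_DOMAIN):
        label = host[: -len(BASE_DOMAIN) - 1]
        if label != "www":
            return label
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) == 3 and segs[0] == "saml" and segs[2] == "acs":
        return segs[1]
    return None

def resolve_tenant(acs_url, response_xml):
    issuer = issuer_of(response_xml)
    tenant = tenant_from_url(acs_url)
    if tenant is None:  # fixed ACS URL: the Issuer is the only key available
        tenant = ISSUER_TO_TENANT.get(issuer)
    if tenant not in TENANTS:
        raise LookupError("unknown tenant")
    if TENANTS[tenant] != issuer:  # URL names one tenant, assertion another
        raise PermissionError("Issuer does not belong to the tenant named in the URL")
    # The Issuer is unauthenticated here; it only selects whose certificate must verify the signature.
    return tenant
```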