Hi Guys! I’m new to Okta and I need some help to understand how to apply a new workflow to a POC at my work. Basically, this is what I’m trying to accomplish:
- A client will click on a link, and this link will reach my company's Okta domain.
- Okta will apply some routing rules based on some attribute, which could be the device or some other yet to be defined.
- Then Okta will redirect to a web app.
- This web app will perform facial biometric authentication using an external provider.
- After the web app finishes, the idea is to return a boolean to Okta.
- Okta will finally answer whether the user is authenticated or not.
My biggest doubt is primarily conceptual: how to implement this workflow, and which Okta tools I can use to do the redirection. In this case I was thinking about routing rules or using a custom button in the brand section of Okta, but I didn't have much success working around it. Any idea would help, thank you.
In terms of using Okta Workflows, you won’t be able to redirect the user’s browser or really have control of where they wind up.
Your suggestion about Routing Rules seems like it might come into play, but I’m not entirely sure… it might be worth reaching out to your account team to see if they have more information about something like this integration: https://www.okta.com/sites/default/files/pdf/okta_experian-datasheet.pdf
In terms of using Workflows, you could do things like what’s mentioned here: Perform identity proofing with a third-party service | Okta
You’d probably be looking at more of an async process that’s not in line with a user’s authentication… as an example:
- User self registers for your Org
- Kicks off a flow that does something like EvidentID - Create Transfer Request and tracks the request ID in a table or on the user profile.
- When request completed, update that user… mark an attribute that is linked to group rules or do something that gives them access to their stuff.
Workflows would probably work best in that kind of async framework outside the authentication pipeline.
Otherwise, someone else might have more information about some of this: Identity Proofing - Okta Integration Network | Okta - never hurts to ask your account team.
2 Likes
If your requirement is to authenticate somebody in Okta with the help of an authenticator which is outside Okta (like external provider web app), you can add your web app as an IDP factor.
Note that your web app should be OIDC or SAML compliant for this use case. Refer to this document for setting it up.
If you are able to set up this factor, you can set up access policies for users and prompt this factor based on rules in those policies. These access policy rules will take care of redirection to your IDP during the authentication flow.
3 Likes
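An added example, not part of any post in this thread and not Okta's code: with the web app acting as an OIDC IdP, what it hands back is a signed ID token rather than a bare boolean, and the relying party accepts it only after checking signature, issuer, audience, nonce and expiry. The sketch assumes HS256 with a shared client secret and a single-string `aud` so it runs on the standard library alone; all names and values are constructed, and production IdPs normally sign with an asymmetric key.

```python
import base64, hashlib, hmac, json

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_id_token(secret, issuer, audience, subject, nonce, now, ttl=300):
    """Web app side (the IdP): call only after the biometric check passed."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "aud": audience, "sub": subject,
              "nonce": nonce, "iat": now, "exp": now + ttl}
    signing_input = ".".join(_enc(json.dumps(part).encode()) for part in (header, claims))
    return signing_input + "." + _enc(_sign(secret, signing_input))

def verify_id_token(token, secret, issuer, audience, nonce, now):
    """Relying-party side: return the subject, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, sig_raw = json.loads(_dec(head)), json.loads(_dec(body)), _dec(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig_raw, _sign(secret, f"{head}.{body}")):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("nonce") != nonce:  # binds the token to this login attempt
        raise ValueError("nonce mismatch (possible replay)")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("expired")
    return claims["sub"]

# Constructed sample values (assumptions, not taken from the thread)
SECRET = b"constructed-client-secret"
ISS, AUD = "https://face.example.test", "constructed-client-id"

if __name__ == "__main__":
    tok = issue_id_token(SECRET, ISS, AUD, "user-123", "n-abc", now=1_700_000_000)
    print(verify_id_token(tok, SECRET, ISS, AUD, "n-abc", now=1_700_000_010))
```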