Hi, looking to make sure I understand how to use Okta properly, and I have two questions below. Here is what I’d like to do:
I have 2 apps, one I built (let’s call this X), one that is built by another company (call this Y), but supports SAML-based SSO. I was hoping to use Okta as a basis for users seamlessly accessing both apps once logged in. That is, the usual SSO experience.
I would prefer to have a completely custom landing page, etc. with X, and so I was thinking to use the Okta Auth API for everything. Would I create an Okta Session using the REST API at that point and use the Refresh Session API for browsers (https://developer.okta.com/docs/api/resources/sessions/#refresh-current-session) going forward? If so, which Auth API call would I make to get the session token or to establish the cookie originally, without the user leaving my app?
Once users log in, I would like to make sure they of course can seamlessly use Y. Would just setting the session cookie once logged in enable the rest of the SAML-based SSO handshake to execute correctly? I just want to be sure that the user isn’t asked to log in again when they navigate from my dashboard page on X to Y via a link I have there.