SaaS product: would our client create Okta apps, or do we?

We have a SaaS product and want to add support for OpenID Connect (OIDC) login flow to allow easy login into our website using Okta etc. I was able to create an Application under my Okta dev account and got the clientID/clientsecret and tested the whole OIDC login flow and it works great!

Now what I’m confused about is which of the following ways it’s supposed to work in a live environment?

  1. I have to create an application and publish it on OIN, so clients can add it to their account? If so, would each client get his own clientID & clientSecret or would it be the same one for all?

  2. Clients will create Applications in their own Okta accounts and set clientID/secret on our website, then for each user logging in, our system will handle them accordingly using their provided client id/secret?

  1. Yes, each instance of your application that is created in your clients’ Okta orgs will have their own Client ID and Client Secret
  2. Yes, you would need to provide a way for your clients to share the Client ID and Client Secrets for these instances of the app with you so that your application can log them in and get tokens.

So basically, whether we publish our app on OIN, or our client manually creates an Application (for our service) in their Okta account, our client will set their unique client ID/secret in our service to properly set up OIDC?

@andrea Can you let me know please?

Correct, your clients will still need to supply you with the client authentication for the instance of the application created in their org so you can log their users in.
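
Added example (not part of the thread and not Okta's code): one way a SaaS backend can keep per-client OIDC settings and pin each login to the org it started from. The tenant keys, hostnames, credentials and the `TenantOIDC`, `authorization_url` and `check_id_token_claims` names are constructed for illustration, and the ID token's signature is assumed to have been verified already against the tenant issuer's keys.

```python
import hmac
import time
from dataclasses import dataclass
from urllib.parse import urlencode

@dataclass(frozen=True)
class TenantOIDC:
    issuer: str                  # the client's own authorization server
    authorization_endpoint: str  # read from that issuer's discovery document
    client_id: str               # unique to the app instance in that org
    client_secret: str           # supplied by the client; keep in a secret store

# Constructed sample data: two clients, each with its own app instance.
TENANTS = {
    "acme": TenantOIDC("https://acme.example/oauth2/default",
                       "https://acme.example/oauth2/default/v1/authorize",
                       "acme-client-id", "acme-secret-placeholder"),
    "globex": TenantOIDC("https://globex.example/oauth2/default",
                         "https://globex.example/oauth2/default/v1/authorize",
                         "globex-client-id", "globex-secret-placeholder"),
}

def authorization_url(tenant_key, redirect_uri, state, nonce):
    """Build the login redirect with the credentials of the tenant logging in."""
    t = TENANTS[tenant_key]  # unknown tenant raises KeyError: fail closed
    query = urlencode({
        "client_id": t.client_id, "response_type": "code",
        "scope": "openid profile email", "redirect_uri": redirect_uri,
        "state": state, "nonce": nonce,
    })
    return f"{t.authorization_endpoint}?{query}"

def check_id_token_claims(tenant_key, claims, expected_nonce, now=None):
    """Accept a signature-verified ID token only for the tenant that began the login."""
    t = TENANTS[tenant_key]
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    exp = claims.get("exp")
    nonce = str(claims.get("nonce", "")).encode()
    return (claims.get("iss") == t.issuer          # token came from this org
            and t.client_id in audiences            # and was issued to this instance
            and hmac.compare_digest(nonce, expected_nonce.encode())
            and isinstance(exp, (int, float)) and exp > now)
```

Store the tenant key in the session next to `state` and `nonce` when the redirect is issued, so the callback checks the token against the same tenant and a token from one client's org is never accepted for another's.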
