We develop an application which, for regulatory reasons, must prompt the user for their credentials when they attempt to edit sensitive data. We are looking at integrating with Okta for SAML SSO, and the initial login part looks like it should work fine. However, when we need to prompt the user for their credentials in the sensitive areas of the app, we would like to use our current flow, which is a simple modal that asks them for their username and password, which are then checked against our backend. We would like to change only our backend so that, instead of checking our own database, it would send a request to Okta to confirm the user’s credentials.
After reviewing the docs, it looks like this is a good use case for Step Up Authentication; however, this would involve a redirect from Okta, which we don’t want. Is there a problem with simply using the primary authentication endpoint for this? Or is there a better way?
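
The backend check described in the question, sketched as an added example (not part of the original post and not Okta's own code). It assumes Okta's primary authentication endpoint `POST /api/v1/authn` and its documented response shape; the org URL, function names and sample responses are constructed placeholders.

```python
import json
import urllib.error
import urllib.request

OKTA_ORG_URL = "https://example.okta.com"  # placeholder org URL (assumption)


def call_primary_authn(username, password, org_url=OKTA_ORG_URL):
    """POST credentials to /api/v1/authn; returns (http_status, parsed_body)."""
    req = urllib.request.Request(
        org_url + "/api/v1/authn",
        data=json.dumps({"username": username, "password": password}).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # e.g. 401 for bad credentials
        return err.code, json.loads(err.read() or b"{}")


def reauth_ok(session_login, http_status, body):
    """Decide whether the modal's credentials re-authenticate the signed-in user.

    Fails closed: anything but HTTP 200 + status SUCCESS for the same login is
    a rejection (MFA_REQUIRED, LOCKED_OUT, PASSWORD_EXPIRED, errors, ...).
    """
    if http_status != 200 or body.get("status") != "SUCCESS":
        return False
    login = body.get("_embedded", {}).get("user", {}).get("profile", {}).get("login", "")
    # The prompt must confirm the *current* user, not any valid Okta account.
    return bool(login) and login.lower() == session_login.lower()


def confirm_sensitive_edit(session_login, username, password, authn=call_primary_authn):
    """Backend handler for the modal; `authn` is injectable for offline tests.
    The sessionToken in a SUCCESS body is not needed here and is discarded."""
    status, body = authn(username, password)
    return reauth_ok(session_login, status, body)


# Constructed sample responses, shaped after the Authentication API (assumption).
SAMPLE_SUCCESS = {"status": "SUCCESS", "sessionToken": "<placeholder>",
                  "_embedded": {"user": {"id": "<placeholder>",
                                         "profile": {"login": "alice@example.com"}}}}
SAMPLE_MFA = {"status": "MFA_REQUIRED", "stateToken": "<placeholder>"}
SAMPLE_BAD = {"errorCode": "E0000004", "errorSummary": "Authentication failed"}
```

Comparing the returned login with the login bound to the existing session matters here: without it, any valid Okta account could satisfy the prompt on another user's session.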