Is there a way to have an web app that uses the login widget and the user can select the App (ClientID) to use so that they are redirected correctly after login and MFA?
Background:
We will have multiple web portals. We have implemented Okta so that the portal redirects to our org if the user is not authenticated and Okta hosts the login page.
Since we will have three portals, business would like to have the ability that they can select the portal right on the login page from a drop down, radio buttons, whatever. I believe this is not possible when the login page is hosted by Okta, as the ClientID has already been passed. We use .NET, so the SDK has the ClientID as a configuration property in startup, so it can’t easily be changed.
I’m doing a Spike to determine if we use an SPA that is only for login, could we have the ClientID and other required properties set from the drop down before the user clicks Login?
My concerns:
- ClientID is in Javascript, appears to be easily viewable by end users
- Not sure if login widget sets itself up on render and even if we change the ClientID from a drop down using javascript, if the widget will pick it up.
Thoughts:
I considered defaulting to one portal, if the user selects something from the drop down different, then I could redirect them to the login for the selected portal. Drawback is that will work okay if the user selects the drop down first, if they have already typed their credentials and then select the drop down, the their credentials will be lost and they’ll have to type them again. Not great UX. I suppose we could have some sort of loginpost controller method that could accept an object that has the id and password on transfer possibly.
So,
Will this even work? (I’m going to setup a POC app)
Would we be asking for trouble by doing this?
Is there another way to accomplish this?