We have an ASP.NET MVC application which uses Okta for user authentication. When an unauthenticated user browsers to our app, they are directed to Okta to login, and then they are redirected back to the application. When they click “Logout” within the application, they are signed out of the application and signed out of Okta.
The issue is when we click “Logout” from the Okta dashboard. When a user clicks “Logout” from the Okta dashboard, they are signed out of Okta, but they are not signed out of the application. When the user logs in with different credentials in Okta and open the application, HttpContext.User.Identity still contains the previous user information.
Is it possible for when a user clicks Logout within the Okta dashboard, to also log them out of the ASP.NET application? What’s the best approach for this scenario?