So many products, where to start?

So my boss thinks it would be “cool” to allow users to log into our application using Social Media and other, but I’m struggling to figure out the best way to go about it. I’ve spent an hour or two skimming the forums here and I only came across 1 case like ours, though I assume it’s common enough. Rather than spin my wheels anymore, I figured I would just lay out the scenario and see what the people here think.

We’re a startup but we have 1-2 potential clients waiting for us to finish our app. Here are a few Business Rules:

  • We want to allow clients to add their own users and assign roles, but I don’t want them to have to log into Okta to do it

  • Clients should not see the users of other clients, same for users

  • Should be able to use Social Media to authenticate, but then how do I know what Client they are attempting to connect with

  • Should we maintain our own User table with Roles or use the Okta db, which becomes a major dependency

I was thinking, if an Admin could add a bunch of users, via their email and somehow attach a token to that request, when they authenticate, I would know with which client.

Anyhow, I’m certain this is a fairly common use case and I’m just not sure which way to throw myself just yet.

Any pointers would be much appreciated.
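One concrete way to realise the invite-token idea from the post above, as an added example that is not code from the thread or from Okta: the admin’s invitation carries a signed token binding the invited email to the admin’s own client, and the app’s social-login callback only accepts the token if the signature, the expiry and the authenticated email all match. The secret, TTL and function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side secret for the example; load it from a secret store in practice.
INVITE_SECRET = b"example-invite-secret-rotate-me"
INVITE_TTL = 7 * 24 * 3600  # invitations expire after seven days (assumption)


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_invite(email: str, client_id: str, now: Optional[int] = None) -> str:
    """Admin side: bind the invited email to the inviting admin's client."""
    now = int(time.time()) if now is None else now
    claims = {"email": email.strip().lower(), "client": client_id, "exp": now + INVITE_TTL}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(INVITE_SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def resolve_client(token: str, authenticated_email: str, now: Optional[int] = None) -> Optional[str]:
    """Login callback: return the client id only if signature, expiry and identity all check out."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, TypeError):  # malformed token (binascii.Error is a ValueError)
        return None
    expected = hmac.new(INVITE_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # verify before trusting any claim
        return None
    claims = json.loads(payload)
    if claims["exp"] < now:
        return None
    # The email the social provider authenticated must be the one the admin invited.
    if claims["email"] != authenticated_email.strip().lower():
        return None
    return claims["client"]
```

The token is what ties a social-login identity back to a specific client; the client id itself is never taken from user input, only from the verified token.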

Federating to a social provider will ensure the user is created in Okta through Just In Time (JIT) Provisioning:

https://developer.okta.com/docs/concepts/social-login/

https://developer.okta.com/docs/reference/social-settings/

Thanks for the links but I actually already have the Social Login working with my app. I was thinking more of the Business flow…

I agree, using social media login to Okta is the way to go.

As for the other requirements:

  • I think you should use separate Okta environments for each client. That way you can allow them some admin within each tenant without them being able to see each other.
  • You can control the federation individually for each client since they will each be their own tenant
  • You should leverage the Okta Universal Directory for your app rather than trying to create a user database within your app. One of the major reasons to use Okta in the first place is not having to create your own user DB.