Working on implementing SP-initiated SSO where there are 3 pieces involved: Org1 (IdP), Okta, Application.
A user from Org1 will attempt to access Application through a sign-in page hosted either at Okta or at Application.
I have a routing rule set up already to send them to the correct IdP at Org1 based on email domain.
When a user authenticates through their IdP, they get dropped off at the Okta dashboard and not at Application. Using the global redirect feature works, but will not be valid in the event of multiple Okta applications.
A few questions here:
If using the custom sign-in page, how do I send users from the IdP to a specific application instead of the Okta dashboard (assuming there are multiple applications in Okta)?
If there are users that have no SSO, how do I validate the credentials entered on the custom sign-in page against our Application's database, which is unfederated and involves basic username/password?
Basically, make a POST call with the supplied credentials INSTEAD of sending them to Okta's user DB.
If using my application's login page, can I make API calls from the application to Okta to determine if the incoming user is an SSO user, and then forward them through Okta to their IdP and back into a page in my application?
Thank you in advance!