SSO between my owned System A and an external e-commerce System B using an SSO Token

Questions API
1

Hello, good morning.

I’m reaching out to understand if, with Okta, I can implement the following use case:

  1. I own System A.
  2. There’s a System B, which is an e-commerce platform.
  3. I want to allow any user logged into System A to navigate to the System B site and be automatically authenticated.

The team in charge of System B informed me that it would be sufficient to pass an SSO Token as a parameter when redirecting the user to System B, allowing System B to validate and authenticate the user automatically.

Is it feasible to implement this flow?
I’m considering the possibility that upon user authentication in System A, System A would make a background call to Okta’s API, authenticating the user with Okta and then requesting a token from Okta. Subsequently, when the user aims to access System B, I’d redirect them, sending the token generated in the previous step, allowing System B to validate the user.

I’m somewhat overwhelmed with the extensive content in the documentation and haven’t been able to ascertain whether this is achievable.

Thank you in advance.

2

Has the user been authenticated and granted access via an OIDC application? Your application obtains JWT tokens that can be later verified.

Upon obtaining the tokens from Okta, you have the option to locally validate them using JWT verification:

3

Hello Sherry, thanks for the answer.

In my case, the user is authenticated in System A, which already has its own authentication system (email and encrypted password verification stored in its database) - Not OIDC.

I want the user logged into System A to be able to access System B and make purchases without needing to log in again.

The team in charge of System B informed me that I’d simply need to pass an SSO Token when redirecting the user to System B, allowing System B to validate and authenticate the user automatically.

I’m considering the following approach:

  1. Export user credentials from System A to Okta.
  2. When a user logs into System A, System A would make a background call to Okta’s API, submitting that user’s credentials and authenticating them with Okta.
  3. System A would then request a token from Okta’s API for the logged-in user.
  4. When the user tries to access System B, we would provide this previously generated SSO Token to System B.
  5. System B would then validate and authenticate the user using this token.

This way, the user would only need to log into System A. Is this flow implementable?