SSO with openid

Hi Team,

Currently we are having an OpenID single page application in React. We are trying to include single-sign-on also as part of the application. Is it possible to configure single-sign-on with OpenID? If so, can you provide us with the documentation on the same.

Also, is it possible to get an access token from SAML while doing SSO, since we are using an access token validate service call in the backend?

Hi @Pream! I recommend starting by figuring out your application type and then using OIDC/OAuth from there - OAuth 2.0 and OpenID Connect Overview | Okta Developer.

Here are some things to consider when setting up your authorization server which is responsible for providing the necessary access tokens - Okta Authorization Servers for OpenID Connect and OAuth 2.0 Integrations - YouTube. I include additional links in the video to further guide you.

Lastly, you can use the SAML Assertion Grant Flow to exchange for an OAuth token - see our documentation here: Implement authorization by grant type | Okta Developer.


Hi @sigama, we are currently using an OpenID single page application with grant type as authorization code and PKCE flow as true. It works properly and I’m able to sign in and redirect as well. Now we have a requirement to make it SSO as well. I’m looking for a few documents which would help me to configure SSO for the same OpenID application. The documents suggested by you don’t say much about SSO. Also, the project is currently in React.

As per the SAML assertion grant flow for an OAuth token, I don’t have a client secret in the SPA, so I’m not sure what to pass in the Authorization header.

As long as the user has an active Okta session (cookie-based) in their browser, they should be able to SSO into another application without being prompted to re-authenticate.

For example, if you make one authorize request to log them into OIDC App A, during which they login with their credentials/authenticators, and then make a second authorize request to log them into OIDC App B, as long as they have already met the authenticator requirements for this second app (for example, App A and App B use the same auth policy), then the user will be logged into App B and immediately redirected back to the application via the redirect_uri.

The same would hold true no matter the application type, so they can log into an OIDC app first and then a SAML app, based on the presence of the Okta session.


Hi @andrea, currently we have two sets of users: one is external users and the other is internal users who log into the Okta application and can see my app in their dashboard. On clicking the app from the dashboard I should directly authenticate the user and take them past the login screen. It would be helpful if I knew what configuration I should apply for this scenario.

So are these external and internal users in separate Okta orgs? If so, do you use Org2Org so that users in one org can access and be assigned applications in the other?

Once the user is in the org in which the target application is created, they should be able to log into it directly.