Hi there, my team and I are new to Okta, so I'm looking for some guidance on getting started here, as I'm feeling a bit lost with all the options.
Here is our scenario:
- We have a .NET Framework 4.X MVC front-end.
- This front end talks to our API backend running IdentityServer4, and passes JWT tokens back and forth to enable authentication for our site. The front end does not use any authentication providers natively; it interacts with our API to obtain these tokens. We have authentication attributes where needed that validate the JWTs are still valid. The user store, accounts, passwords, etc. are accessed via our API layer that our front-end makes calls to.
We now have a situation where a third-party client/partner, with an existing Okta user store of their own, wants to establish SAML-based SSO into our site. So, they would like to have a URL on our page that redirects their user to Okta, which then redirects to a callback link on our site with some identifying info sent with the SAML, and our API will associate that with a user on our side and log them in as explained above.
Here's where things get murky for me, and I'm wondering what the best approach is.
With every example I’ve seen so far for working with Okta + SAML, it is configuring the front-end to add an Identity Provider, and secure the entire application with this SAML IdP. That is not what we want to do. We have our own pre-built authentication
What we want to do is validate the login being passed back to us, extract the user info, and then log them in to our in-house account.
I'm wondering whether this would be a use case for the Okta APIs.
Hoping to get some suggestions on how to fit in this authentication approach with our existing structure. Any hints towards Okta documentation or write-ups that talk about how to handle this would be greatly appreciated.
Thanks
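The callback step described in the post (validate the SAML login Okta posts back, extract the user, hand off to the in-house login) as an added example, not code from the original post or from Okta. It uses only .NET Framework APIs; the IdP certificate, SP Entity ID (`audience`), and the issued AuthnRequest ID (`requestId`, null for an IdP-initiated link) are assumed to be supplied by the caller.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlResponseValidator
{
    // Validates the base64 SAMLResponse posted to our callback and returns the subject NameID for the
    // API to map to an in-house account; throws on anything unacceptable.
    // idpCert: the partner's Okta signing cert from their IdP metadata (assumed loaded by the caller).
    // audience: our SP Entity ID. requestId: the AuthnRequest ID we issued, or null for IdP-initiated SSO.
    public static string ValidateAndGetNameId(string samlResponseB64, X509Certificate2 idpCert,
                                              string audience, string requestId)
    {
        // XmlResolver = null: never fetch DTDs or external entities named in the posted XML.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseB64)));
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        var status = doc.SelectSingleNode("/samlp:Response/samlp:Status/samlp:StatusCode/@Value", ns);
        if (status == null || status.Value != "urn:oasis:names:tc:SAML:2.0:status:Success") throw new Exception("IdP did not report success");
        // Exactly one Assertion with exactly one enveloped Signature whose single Reference is that
        // assertion's own ID: rejects signature-wrapping (a signed assertion paired with an unsigned one).
        var assertions = doc.SelectNodes("//saml:Assertion", ns);
        if (assertions.Count != 1) throw new Exception("expected exactly one Assertion");
        var assertion = (XmlElement)assertions[0];
        var sigs = doc.SelectNodes("//ds:Signature", ns);
        if (sigs.Count != 1 || sigs[0].ParentNode != assertion) throw new Exception("Assertion is not signed");
        var signed = new SignedXml(assertion);
        signed.LoadXml((XmlElement)sigs[0]);
        var refs = signed.SignedInfo.References.Cast<Reference>().ToList();
        if (refs.Count != 1 || refs[0].Uri != "#" + assertion.GetAttribute("ID")) throw new Exception("Signature does not cover the Assertion");
        // Verify against the pinned IdP certificate only; ignore any KeyInfo embedded in the message.
        if (!signed.CheckSignature(idpCert, true)) throw new Exception("invalid signature");
        // Freshness and scope: validity window (3 min clock skew), audience, request correlation.
        var cond = assertion.SelectSingleNode("saml:Conditions", ns) as XmlElement;
        if (cond == null) throw new Exception("missing Conditions");
        var now = DateTime.UtcNow; var skew = TimeSpan.FromMinutes(3);
        Func<string, DateTime> ts = a => XmlConvert.ToDateTime(cond.GetAttribute(a), XmlDateTimeSerializationMode.Utc);
        if (cond.HasAttribute("NotBefore") && now + skew < ts("NotBefore")) throw new Exception("not yet valid");
        if (!cond.HasAttribute("NotOnOrAfter") || now - skew >= ts("NotOnOrAfter")) throw new Exception("expired");
        if (cond.SelectSingleNode("saml:AudienceRestriction/saml:Audience", ns)?.InnerText != audience) throw new Exception("audience mismatch");
        var inResp = assertion.SelectSingleNode("saml:Subject//saml:SubjectConfirmationData/@InResponseTo", ns);
        if (requestId != null && inResp?.Value != requestId) throw new Exception("InResponseTo mismatch");
        // Production code should also record assertion IDs for their lifetime to reject replays.
        var nameId = assertion.SelectSingleNode("saml:Subject/saml:NameID", ns);
        if (nameId == null) throw new Exception("missing NameID"); return nameId.InnerText;
    }
}
```

The returned NameID (or an attribute such as email, read the same way from `saml:AttributeStatement`) is what the API layer would look up to find the in-house account and issue its usual JWT.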