I’m considering using Okta to support a new application we’re building that will be multi-tenanted. For half of my tenants, they’ll want us to store their authentication information (and we would use Okta as the provider in these cases), but the other half will want us to connect to their identity providers. If we assume those providers support OAuth2 or OpenID, can my developers use the Okta tools for both types of clients or do they need to code the 2 cases differently?
You need a particular feature that is on our roadmap, which is a generic OAuth 2.0 / OpenID IdP. Once we get this in place, you would be able to use the IdP Discovery feature (username first, reroute the user to their IdP to log in, Okta mints a token with the IdP in the claim so your application can know which IdP they logged in through).
If your tenants are using Google Apps, we have support for that IdP today. We also have support for SAML IdPs as well for multi-tenancy.
Thanks and let me know any questions,
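The username-first flow described in the answer, seen from the application side, as an added example that is not part of the thread and not Okta's code: the app picks the tenant from the username's domain, then accepts the returned token only if its IdP claim matches the IdP registered for that tenant. The tenant registry, the domains, the IdP identifiers and the claim names `idp` and `email` are assumptions made for illustration.

```python
# Added example: tenant names, domains, IdP ids and the claim names are
# constructed assumptions, not values from the thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class Tenant:
    name: str
    idp_id: str      # identifier of the IdP this tenant must log in through
    external: bool   # False: credentials are stored with the hosted provider

# Constructed sample registry: one hosted tenant, one bring-your-own-IdP tenant.
TENANTS_BY_DOMAIN = {
    "hosted.example": Tenant("hosted-co", "idp-hosted", external=False),
    "federated.example": Tenant("fed-co", "idp-fed-co", external=True),
}

class TenantMismatch(Exception):
    """The token was minted through an IdP that is not this tenant's IdP."""

def discover_tenant(username: str) -> Tenant:
    """Username-first step: pick the tenant (and so the IdP) from the domain."""
    local, sep, domain = username.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("username must be of the form user@domain")
    tenant = TENANTS_BY_DOMAIN.get(domain.lower())
    if tenant is None:
        raise LookupError(f"no tenant registered for domain {domain!r}")
    return tenant

def bind_session(username: str, verified_claims: dict) -> Tenant:
    """After login, accept the token only if its IdP claim matches the tenant.

    verified_claims must come from a token whose signature, issuer, audience
    and expiry were already validated; this function checks tenancy only.
    """
    tenant = discover_tenant(username)
    idp = verified_claims.get("idp")
    if idp != tenant.idp_id:
        raise TenantMismatch(f"token idp {idp!r} is not allowed for {tenant.name}")
    # The identity in the token must be the user who started the flow.
    if str(verified_claims.get("email", "")).lower() != username.strip().lower():
        raise TenantMismatch("token identity does not match the requested user")
    return tenant
```

Both kinds of tenant go through the same two functions; only the registry entry differs, which is the point of having the IdP recorded in a claim.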
Have you implemented OAuth 2.0 / OpenID to allow multi-tenanted apps?