Planning to use Okta for workforce login, and maintain session in the backend but also use a React SPA as front-end that talks with the backend using the apis backend would be exposing. Is this achievable?
I wouldn’t recommend SAML these days. Using SAML vs OIDC is like using SOAP instead of REST. You’ll be fighting an uphill battle rather than just using OIDC and making things easy.