Using the Okta user store for authentication only?


To maintain existing relationships within my app and the ability to populate document relationships from my MongoDB users collection using Mongoose (as well as the ability to use more advanced queries of users), I’m wondering whether it would be possible / advisable to hook into Okta and create users in the Okta user store using the API but retain the primary storage of all user data in my application. Is this an antipattern? I found this somewhat related question with no answers .

Can you offer advice or your experience with this kind of setup if you have any?

I’ve also seen the externalId profile property which (if I’m not mistaken) I could use to associate the Okta user to their user document in my MongoDB collection using their ObjectId. Is this something that is typically done or am I not using Okta as intended / using the wrong tool for the job here?

So first thing, you can definitely save your users in Okta, but what’s the purpose? If you have a clear answer to this question, then you can go and implement, what you need.

Usually you may want to use Okta either for managing access and SSO into different applications. But if you just need a DB-like solution, I’m sure there are much cheaper options.

We’re planning to use Okta for SSO and MFA for our clients, but we have an existing user database in our app. Currently we have one app, but I could see us separating our application into a customer facing app and back-office app.

Well, in this case I think it’s fine. You just need to think about, which attributes do you need to have in Okta, so that they can be easily shared with other applications during SSO either with SAML attributes or OIDC claims. Many customers have their own solutions/portals to manage user lifecycle, so there is nothing unusual if you go the same route.