Web Application SSO for multiple Okta organizations?

We have a web application (dotnetcore backend) that will be used by multiple Okta clients.

We have it set up and working for a single Okta client, but I can’t seem to find any direction on how to set this up for multiple clients with the goal of eventually being in the OIN.

Anyone have any thoughts on how to approach this?

Jeff

In my demo app, logging in with a user of the domain I created the app with, lets say “dev-1111111.okta.com” works fine.

However, if I try to log in with a user from another domain, let’s say “dev-2222222.okta.com”, I get a 401 from https://dev-1111111.okta.com.

I’ve tried to set up an Identity Provider in “Security > Identity Providers” but that hasn’t seemed to help.

Hi,

Can you clarify: are you looking to create an SSO app (SAML or OIDC) and share that with multiple Okta orgs? Or are you talking about Okta API access and having your application access the multiple Okta org APIs?

For SSO, there isn’t a way to privately share the app configuration so that each org can go through the “Add an app” flow for your app and potentially connect to a different tenant on your app (multi-tenant to multi-tenant). Submitting to the Okta Integration Network (OIN) is the way to accomplish that.

If you wanted to share a configured app’s access across multiple orgs (all logging in to the same tenant on your app’s side), you could accomplish that by connecting multiple Okta orgs together. Concept (see config #2) and Org2Org app doc. I’m guessing this isn’t what you had in mind.

Hope that helps, and let me know if you were thinking about API access.

John