Below is the requirement which I want to implement using OKTA. Let me know how I can achieve it.
I have two apps App-A & App-B.
User will login to App-A.
User clicks on App-B URL. From here user can be redirected to OKTA or App-B directly. Any option is fine with me. Let's assume user will be redirected to OKTA and then to App-B.
User will be redirected to OKTA and from there to App-B.
I will be using SAML 2.0 for OKTA. My problem is that I don’t want user to login to OKTA/App-B. OKTA will be in background and will only redirect user to App-B. User will not see login/home screen of OKTA.
I am planning to use one admin account to log in to OKTA for all users of App-A. Depending upon incoming user id OKTA will send token to App-B. Not sure if I can implement this in OKTA. I am new to OKTA so please correct me if anything is wrong.
With regards to your query, firstly you will not be able to impersonate end users, i.e. log them in on their behalf, as each account requires its own username and password. As such, some form of user input is required to complete the authentication flow for the user to App-A.
However, once a user is signed in to App-A they will have an Okta session cookie which will be used for all subsequent authentications, and as long as this remains valid (within defined session lengths) users will not need to re-authenticate. As such, you may want to look into the embedded links for your App-B application; this initiates the Okta redirect and authentication flow which, if already signed in, will land them on the target resource.
More information on the embed link can be found here: https://support.okta.com/help/Documentation/Knowledge_Article/The-Applications-Page-1093995619#Show
If you are developing your own application and require Okta for authentication you may wish to review how you can obtain sessions for end users. The following article provides some guidance on this via OIDC, Session Redirect and Embedded links. https://developer.okta.com/use_cases/authentication/session_cookie#overview
If, however, I have misunderstood your question, I would recommend raising a support ticket, as there are various components here and a call with a support engineer can provide much better guidance.