Hello - we are looking to possibly set up OKTA federating to Sitedminer, and have a question about how it works. When a user authenticates to a OKTA app, then tries to access a Siteminder protected app where federation has been set up, then that user should not have to authenticate again because of the federation. This we have proven out. The question is whether a Siteminder session cookie is actually created as part fo this integration, so that if the user then goes to another Siteminder protected app without federation set up, will they have a valid SM session and cookie, or will the user have to now authenticate against Siteminder?
You would be settign up Federation between Okta and Siteminder, not a siteminder app. So, once you federate from Okta to SM to get to the first app, you would/should be getting the SM session cookie and could then SSO to other applications that are protected by SM.