I am looking at recommending Okta for my company's on-premises applications/services. But I have a concern about repeat round trips to the cloud for authentication and authorization.
Here is a scenario to explain:
An internal user starts a web app. Right now, we know who the user is because they use IE and we can get the user from Windows. We then make a call to an internal service to find out what the user can do (authorization).
The application then calls an on-premises service. The service knows who the user is via a similar method to what the web application used. It then makes a call to the same on-premises service to find out what the user can do (authorization).
This can repeat several times as the service may need to call another service to complete the logic required for the main call.
So for a normal, single action, I may need to verify the user and its permissions 5 or more times.
I am worried that when I replace those on-premises calls with calls to Okta (which cannot be on-premises), then I will add a lot of latency to my applications.
I have considered a homegrown caching solution to limit the calls needed to Okta, but it seems kind of hacky.
I have to think I am not the first one worried about a chatty interface to a cloud provider. What does Okta do to deal with this kind of problem?