
AndrewK.41264 (Customer) asked a question.
Hi,
We have a service where customers are able to have accounts with one or more partners. Each of these partners is accessed via a subdomain, so e.g. if someone has an account with PartnerA they would log in to partner_a.mycompany.com. Currently these accounts are separated out, since we only enforce that the tuple (email_address, partner_id) has to be unique.
We are migrating our internal identity service over to using Okta, but ran into the issue where users have to be unique based on email address alone. Theoretically we could resolve this by having people use a single log in and then just providing them a choice of which account they want to proceed with, but we'd like to avoid that if possible (many of our partners are using us a white-label service, and so it could be a bit weird for the customers to discover that what they thought were totally separate accounts are actually linked, and it would mean that the branded experience isn't the same throughout). Is there a way to segregate user accounts so that e.g. someone's login account with Partner A is totally distinct from their login with Partner B?

Theres another wrinkle in that it is possible for a customer to start out with an account under us, and then transfer to a partner; ideally, they'd be able to log in either via mycompany.com or partner_a.mycompany.com, but I wanted to see what the solution to the simpler case is.
How will the customers be using Okta? Will they be clicking on tiles to access resources or is Okta going to proxy them to another resource?