Janardanc.07092 (Customer) asked a question.
Hello,
We are looking to use Okta SSO for a project for us. It's a SPA web project (spring boot + angular). Currently we are using spring security to secure api endpoints.
In our system, at the time of login the user needs to provide a workspace (similar to Slack) with email and password. We are also using two factor authentication with email OTP. After login, the user gets an access token to access the spring boot apis.
We need to use Okta SSO for a single client of ours. Rest of the clients will remain on our system login system.
In order to implement OKTA SSO, could you please address following questions:
1. Can we use both spring security and OKTA security simltanously?
2. What changes should be done in login process, with two factor authentication?
3. How to get access token to access the apis?
Looking forward to your reply.
@Janardanc.07092 (Customer) Hey, thank you for reaching out to us for assistance.
I believe this can assist you on how to further have the application configured: https://developer.okta.com/docs/guides/sign-into-spa/angular/create-okta-application/
As in using OTP that will be achievable by leveraging the application Sign On Policy as well as global Sign On Policies.
So you'll have a global policy that dictates Two-Factor, furthermore you will demand for that application App Sign on Policy that will ask users for OTP before logging them in.
As this is more a developer oriented questions I'd advise looking across this question as well: https://support.okta.com/help/s/question/0D51Y00005xyT6j/spa-oauth-flow-recommendation-and-token-refresh?language=en_US
Also https://developer.okta.com/docs/guides/implement-oauth-for-okta/request-access-token/ in regards to the access token.
Hope this helped.