
RossA.60666 (Customer) asked a question.
We have 2 independent Okta instances (due to multiple lines of business) but we've started to run into issues where internet apps need to be available to both Okta instances, but the vendor either doesn't support multiple IdPs or there is some other limitation. We obviously don't want to have to license a user in multiple instances, so federating the two instances would be ideal. So, if a user from Instance A needs to access an app which only resides in Instance B, Instance B would be able to authenticate their account in Instance A and give access to the app in Instance B.
We've done some extensive research on the situation and there appear to be two different possible solutions - Okta Org2Org or setting up one instance (i.e., master) as an IdP to the other org and then using routing rules - or a combination of the two methods.
Has anyone successfully set this up and if so, which method do you use?
https://help.okta.com/en/prod/Content/Topics/Provisioning/org2org/org2org-integrate.htm
https://help.okta.com/en/prod/Content/Topics/Security/configure-routing-rules.htm
https://help.okta.com/en/prod/Content/Topics/Security/idp-add-saml.htm
Rgds

Org To Org will work. We have tried the same.
https://help.okta.com/en/prod/Content/Topics/Provisioning/org2org/org2org-integrate.htm

Thank you for the reply Sathish. Did you have to also license the user(s) in the Hub org? I'm afraid that we'll be duplicating a lot of licenses across our two instances.
Rgds