
s3f8s (s3f8s) asked a question.
We have a client who is leveraging Okta, and has 2 x IAM portals (one for internal staff, and one for external customers), both of which are set up using SAML.
Our application does not support SAML or 2 login flows, so we'd like to explore encompassing these 2 portals within a single OAuth 2.0 wrapper (as we support the majority of OAuth flows, predominantly Auth Code with PKCE).
Is this possible? The end goal is that we'd like to direct our users to a single OAuth flow (as we only support one login flow on our application), and would receive a single access token.
Thank you!

Hello @s3f8s (s3f8s)
Thanks for posting.
You can accomplish this using OAuth 2.0 or OpenID Connect.
The OAuth 2.0 protocol controls authorization to access a protected resource, like your web app, native app, or API service.
The OpenID Connect protocol is built on the OAuth 2.0 protocol and helps authenticate users and convey information about them. It is also more opinionated than plain OAuth 2.0, for example in its scope definitions.
In this document you can find basic specifications of each option, how it works and what to consider before choosing one or the other:
https://developer.okta.com/docs/concepts/oauth-openid/#recommended-flow-by-application-type
Implement authorization by grant type:
https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/
An Illustrated Guide to OAuth and OpenID Connect
https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
Please take a look at those documents as I'm sure they will resolve some of your doubts.
If you need additional assistance with the setup, it is possible to reach out to Professional Services so they can help you with a personalized solution.
Have a great day!
Daniela Chavarria.
Okta Inc.
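As an added example (not part of this thread and not Okta's own code), the following Python sketch walks through the Authorization Code with PKCE flow the question mentions: it generates the PKCE pair, builds the authorize request against an assumed Okta default authorization server (placeholder domain, client id and redirect URI), checks `state` on the callback, and shows the verifier-to-challenge comparison the token endpoint performs.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode

# Placeholder tenant values, constructed for this example only.
OKTA_ISSUER = "https://example.okta.com/oauth2/default"  # assumed default authorization server
CLIENT_ID = "0oa-example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge); 32 random bytes -> 43-char verifier."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, s256_challenge(verifier)


def build_authorize_url(code_challenge: str, state: str, nonce: str) -> str:
    """Single authorize request; the IdP behind it (SAML or otherwise) is Okta's concern."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": REDIRECT_URI,
        "state": state,                  # bound to the browser session, checked on return
        "nonce": nonce,                  # echoed in the ID token to bind it to this request
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{OKTA_ISSUER}/v1/authorize?{urlencode(params)}"


def code_from_callback(query: str, expected_state: str) -> str:
    """Extract the authorization code, rejecting a mismatched or missing state."""
    qs = parse_qs(query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale login")
    return qs["code"][0]


def verify_challenge(verifier: str, challenge: str) -> bool:
    """The check the token endpoint makes before exchanging the code."""
    return secrets.compare_digest(s256_challenge(verifier), challenge)
```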