bleh5 (bleh5) asked a question.
Having doubts about SSO integration into our website
1) If user has an OKTA account (please do not confuse this with the portal accounts) and tries to login with these OKTA credentials, then we need to validate the User with OKTA and if the user is a valid user then we will verify whether we have an account with that username in our system. And if yes, user has to be allowed in to our system.
In other words, we should be calling the login API of OKTA and if the response is success we have to give access to our portals.
2) If user has already logged into OKTA and tries to open any of our portal then he should be given access automatically with out asking for Username and password.
Please let us know if it is possible
Hi @bleh5 (bleh5),
Thank you for posting on the Okta community page!
I have done some research and it seems that theoretically your inquiry could be achieved since you can use perform an API call to get the user session and if the session is active you can create a flow on the app end to no longer re-direct the user to Okta and to authenticate them directly.
Additionally, the above flow might not be required because if the user already has an active session in Okta, when he will be re-directed from the app, he should not be prompted to insert the username and password again.
I have provided bellow a documentation about Okta session:
I hope the above information is helpful!