User16762778904117128244 (Customer) asked a question.
We are vendor and one of customer want to use okta for their customers. could you please help us how we can do it ?
Our customer want to perform below steps into their okta account
Is it correct steps?
Thanks,
-Ravi
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
May Okta Community Buzz
Stay ahead of the curve with Okta for AI Agents, new Okta Learning live sessions and labs, shout-outs, and top trending topics—all aimed at enriching your Okta journey.
At a high level your 4 steps make sense but not knowing anything about your system(s) I think the best place for you to get answers is to look at https://developer.okta.com. You can find PHP specific details on how to implement Okta. https://developer.okta.com/docs/guides/sign-into-web-app-redirect/php/main/ Using the Okta Hosted Widget with redirect is the simplest method to get started. If you use the Okta Hosted Widget then account creation is process is built in and all your apps will need to handle successfully logged in users.
Depending on your design needs, you could use one Okta app instance (assuming OIDC) for all your apps or you can create individual apps.
Best of luck to you!
Hello Matthew,
One of our customer is using our service and their team is implementing Single Sign-On (SSO) for all their vendor's tools. So that their users can access the application with just one set of credentials i.e., Okta Credentials.
What are the required changes they expect to be done on us end?
1) Should we integrate our service with Okta so their users can access our service using their okta credentials?
2) Our customer need to create an application for us into their okta account so their users can access our service using their okta credentials?
Thanks for all your help!
In your original post it sounds like you were going to set up some apps for your customer's 3rd party app to leverage your Okta tenant but in your latest post "2)" it sounds like you are saying that your customer has their own Okta tenant as well and thus two different user sets. If this is the case, I suggest you take a look at how IdPs and routing rules might help. You could also look at establishing an Org2Org relationship between the two tenants if appropriate. I suggest you reach out to Okta Professional Services to look at your use case in more detail to come up with the best approach. Best of luck!
https://help.okta.com/oie/en-us/Content/Topics/Security/Identity_Providers.htm#:~:text=Identity%20Providers%20(IdPs)%20are%20services,account%20or%20a%20smart%20card.
https://saml-doc.okta.com/SAML_Docs/Configure-SAML-2.0-for-Org2Org.html#:~:text=The%20Org2Org%20connector%20application%20is,for%20a%20Hub%2FSpoke%20configuration.
https://www.okta.com/services/professional-services/
@User16762778904117128244 (Customer) So your service is SAAS or On premise? if it is SAAS, you need to consider if all tenants support Okta. if it is on premise, it is more simple. Have you integrate your service by OIDC before? this is the data flow of OIDC. Client App is your service. Authorization server is Okta.
there are three step:
You can find the endpoint information by: /.well-known/openid-configuration, return OpenID Connect metadata related to the specified authorization server.
@MatthewH.10249 (State of Iowa) has provide the Okta PHP SDK .
@Hengfeng Ge, @Matthew Harshbarger Thanks for your reply!
Our service is SAAS based service. One more question need to clear with you:-
Okta supporting following cloud
- Customer Identity Cloud
- Workforce Identity Cloud
I am a little confused about where to create the application in Okta. Can you please clarify which Okta cloud we should use to create the application so our client's customers can access our service using their Okta credentials?
Thanks for all your help and support!
If you have both CIC and WIC tenants and assuming that you have an Org2Org set up with the CIC as the HUB and the WIC as a spoke, I would think that setting up the app in your CIC would be the way to go.
Again, I suggest you reach out to Okta Professional Services to look at your use case in more detail to come up with the best approach. Best of luck!
@User16762778904117128244 (Customer)
Ok, your application should support SAML2 or OIDC by configuration for administrator user.
you can reference:
https://developer.okta.com/docs/concepts/iam-overview/#designing-an-iam-solution
https://developer.okta.com/docs/concepts/saml/#federated-identity
https://developer.okta.com/docs/concepts/oauth-openid/
@Hengfeng Ge, We need to follow these steps in Okta service:
1. Register as a developer in Okta service
2. Create an application for our service in our Okta account
3. Set the "SSO Okta login" link in the login page of our service
4. Our client's customers can use that link to log in to our service with their Okta credentials
5. Okta will authenticate the user's details and redirect them back to our service.
@User16762778904117128244 (Customer) Yes, you can create a developer in Okta service. you can register it from hear: https://developer.okta.com/signup/.
your application should support SAML2.0 or OIDC for SSO with Okta first. without it you applicaiton can't integrate with Okta.
@Hengfeng Ge, thanks for your reply!
Yes. I have performed above steps and its working fine.
For example, "ABC" is our client and they have many customers. "ABC" client want that, their customer's will use our service using their Okta credentials. Is "ABC" client customer can login into our service using their Okta credentials right? or need to perform addition steps into our Okta account for it?