0D54z00009JZm12CAD | Okta Identity Engine | Identity Governance | Answered | 2024-04-17T11:15:26.000Z | 2023-06-12T18:39:28.000Z | 2023-06-15T18:10:53.000Z

ep06l (ep06l) asked a question.

Routing rule to show Okta Username/Password and Social login providers for Internal users and SAML for external users

I have 2 types of users, external and internal. When internal users log in, I need to use a SAML external provider, and external users should have Okta Username/Password and all other social login providers.

 

I tried to use a Routing Rule with the userType attribute for routing. Internal users, after entering their username and clicking Next, are redirected correctly to the external SAML provider, but external users see only the Okta Username/Password option and are not shown the social login providers. Is there any way I can achieve the goal? If routing can't help here, is there any other option?

 

Note: Except for the user type, there is no way to differentiate internal and external users.

 

 


  • Paul S. (Okta, Inc.)

    Hello @ep06l (ep06l), thank you for reaching out to our Community!

     

    At this time this is the expected behaviour for routing rules: after users are redirected for username and password, there is no additional IdP listed for authentication.

    However, you can add a Feature Request in our Ideas section, for a chance that this functionality will be added in the future.

    https://support.okta.com/help/s/ideas

     

  • ep06l (ep06l)

    Hi @Paul S. (Okta, Inc.)​,

     

    How are your existing customers handling this problem? I hope this is one of the common scenarios. Are there any possible solutions to achieve this?

     

    Thanks

    • Paul S. (Okta, Inc.)

      To be honest, I personally have not heard of this type of scenario. I was not able to find any workaround on this matter through my research.

  • NiallM.34104 (Atlas Identity)

    Without the routing rule, do you see the social login providers? Are you saying the routing rule masks the social login providers? Did you add the code to the widget as per my last post?

  • ep06l (ep06l)

    Hi @NiallM.34104 (Atlas Identity)​,

     

    In routing rule we can add multiple routing rules but it seems like Okta will use the first routing rule only.

     

    I added a routing rule making use of user attributes with user type internal users and route to SAML provider.

    And added another one (Priority 2) with user type external user and mapped 2 social login providers (I tried to add Okta also, but some validations prevented me from doing so).

     

    When I test with an internal user email it works, and when I try an external user it shows the Okta username/password flow and does not show the social logins.

     

    I just wanted to know, then, what is the use of adding multiple routing rules with user attributes? Or am I making some misconfiguration?

     

    Thanks

  • NiallM.34104 (Atlas Identity)

    The routing rules are in priority order. It will apply the first routing rule for the authenticating user. It is unrelated to what is displayed on the login page though. If Okta is displaying the username/password challenge, it means that it has not found a routing rule for that user and therefore the user should authenticate at Okta.

  • ep06l (ep06l)

    Hi @NiallM.34104 (Atlas Identity)​,

     

    Thanks. I understand. But ideally I wanted it to work in such a way that if the first rule fails it picks the next rule, and only upon failure of all the rules displays Okta username/password.

     

    Unfortunately this is not the behavior now.

     

    Thanks 

  • NiallM.34104 (Atlas Identity)

    I don't see why that wouldn't work. Okta will go down the stack of routing rules. If a user doesn't meet the first but meets the second, that will be applied. If a user slides down the whole stack and doesn't apply to any of the rules, then the Okta login page will be presented.
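
Added example, not part of the original thread and not Okta's code: a simplified JavaScript model of the evaluation order described in the replies above (rules checked in priority order, first match applied, Okta login when none match). Rule names, `userType` values and provider labels are constructed for illustration.

```javascript
// Simplified model of priority-ordered routing rules (an assumption-based
// sketch, not Okta's implementation). All rule data below is constructed.
const rules = [
  { priority: 2, name: "external-social", userType: "external", providers: ["GOOGLE", "LINKEDIN"] },
  { priority: 1, name: "internal-saml", userType: "internal", providers: ["SAML2"] },
];

// Outcome when no rule applies: the user authenticates at Okta itself.
const DEFAULT_ROUTE = { rule: null, providers: ["OKTA"] };

function byPriority(ruleSet) {
  // Lower number = evaluated first; copy so the caller's array is untouched.
  return [...ruleSet].sort((a, b) => a.priority - b.priority);
}

// Return the first rule whose userType condition matches the user.
function route(user, ruleSet) {
  for (const r of byPriority(ruleSet)) {
    if (typeof user.userType === "string" && user.userType === r.userType) {
      return { rule: r.name, providers: r.providers };
    }
  }
  return DEFAULT_ROUTE; // nothing matched: Okta username/password
}

// Audit helper: rules that can never fire because a higher-priority rule
// already carries the same condition.
function shadowedRules(ruleSet) {
  const seen = new Set();
  const shadowed = [];
  for (const r of byPriority(ruleSet)) {
    if (seen.has(r.userType)) shadowed.push(r.name);
    else seen.add(r.userType);
  }
  return shadowed;
}

// Constructed sample users.
const samples = [
  { login: "a@corp.example", userType: "internal" },
  { login: "b@mail.example", userType: "external" },
  { login: "c@mail.example" }, // userType never populated on the profile
];
for (const u of samples) {
  const r = route(u, rules);
  console.log(`${u.login} -> ${r.rule ?? "no rule"} [${r.providers.join(", ")}]`);
}
```

In this model, a user landing on the Okta password prompt means no rule condition matched, so the attribute value on that user's profile is the first thing to check.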

    • ep06l (ep06l)

      Hi @NiallM.34104 (Atlas Identity)​,

       

      I am sorry, I was trying various combinations and you are right, the routing rule works in a hierarchical order.

       

      But my scenario is a bit complicated; please let me know if there are any possible solutions.

       

      I have 3 external logins: a SAML provider for internal users, and Google and LinkedIn for external users.

       

      1. When the user lands on the login page I need to show the username textbox as well as Google and LinkedIn (this is for providing a SIGN-UP option for users).
      2. When the user enters a username which is of an internal user, they should be shown the SAML provider alone.
      3. When the user enters a username which is of an internal user, they should be shown Google, LinkedIn as well as Okta username/password login (self registration with email/password is available).

       

      If the registration page of Okta allowed social signup also, I could have solved the issue in another way. (This is not available as per an Okta employee.)

       

      Thanks

       

  • NiallM.34104 (Atlas Identity)

    OK. Let's take them one at a time.

    1) This is out of the box. Configure the IdPs. Add the buttons with code (classic Okta only). Done. No problems here?

     

This question is closed.