
YoniV.86933 (Customer) asked a question.
Hi,
We are currently trying to implement Okta as a possible Identity provider for our Privacy SaaS application.
For this we need to register our app in the Okta marketplace via the OIN manager. We started the process and already have a test version with OpenID running on our development environment against our development Okta environment.
However, by further filling out the OIN request and reading through the documentation, we came to the conclusion that our environment does not seem to be compatible with the multi-tenant setup of Okta.
We offer a multi-tenant SaaS application, but in our IAM setup we only have one Realm for all our customers (Currently), which leads to us only being able to link one Okta identity provider that should be able to access all domain separated Okta tenants of our customers. Is there a possibility for us to only have to add one identity provider for all Okta tenants, or is this inherently impossible?
Thanks in advance for your feedback!
Kind regards,
Yoni

Hi Yoni. In short, your application must be able to support multiple IdPs ( potentially thousands depending on your customer base ) in order to allow your customers to access Privacy SaaS via their own IdPs. There are patterns you could adopt where you have a broker IdP that provides multi customer IdP integration ( such as Okta or more likely Auth0 - now Okta CIC ). Your single realm Privacy SaaS then has SSO to the broker IdP. Or you could hand off your SSO implementation to Auth0 entirely. Not as simple, but will save you engineering effort.