<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
0D54z00009JaRJMCA3Okta Classic EngineOkta Integration NetworkAnswered2023-06-22T17:30:52.000Z2023-06-13T18:58:08.000Z2023-06-22T17:30:52.000Z

YoniV.86933 (Customer) asked a question.

Okta OIN registration - Alternatives in case of no Multi-tenant setup

Hi,

 

We are currently trying to implement Okta as a possible Identity provider for our Privacy SaaS application.

 

For this we need to register our app in the Okta marketplace via the OIN manager. We started the process and already have a test version with OpenID running on our development environment against our development Okta environment.

 

However, by further filling out the OIN request and reading through the documentation, we came to the conclusion that our environment does not seem to be compatible with the multi-tenant setup of Okta.

 

We offer a multi-tenant SaaS application, but in our IAM setup we only have one Realm for all our customers (Currently), which leads to us only being able to link one Okta identity provider that should be able to access all domain separated Okta tenants of our customers. Is there a possibility for us to only have to add one identity provider for all Okta tenants, or is this inherently impossible?

 

Thanks in advance for your feedback!

 

Kind regards,

Yoni


  • NiallM.34104 (Atlas Identity)

    Hi Yoni. In short, your application must be able to support multiple IdPs ( potentially thousands depending on your customer base ) in order to allow your customers to access Privacy SaaS via their own IdPs. There are patterns you could adopt where you have a broker IdP that provides multi customer IdP integration ( such as Okta or more likely Auth0 - now Okta CIC ). Your single realm Privacy SaaS then has SSO to the broker IdP. Or you could hand off your SSO implementation to Auth0 entirely. Not as simple, but will save you engineering effort.

    Expand Post
    Selected as Best
  • NiallM.34104 (Atlas Identity)

    Hi Yoni. In short, your application must be able to support multiple IdPs ( potentially thousands depending on your customer base ) in order to allow your customers to access Privacy SaaS via their own IdPs. There are patterns you could adopt where you have a broker IdP that provides multi customer IdP integration ( such as Okta or more likely Auth0 - now Okta CIC ). Your single realm Privacy SaaS then has SSO to the broker IdP. Or you could hand off your SSO implementation to Auth0 entirely. Not as simple, but will save you engineering effort.

    Expand Post
    Selected as Best
  • YoniV.86933 (Customer)

    Hi @NiallM.34104 (Atlas Identity)​,

     

    Thanks for the info! That sounds like a feasible approach indeed. But now we know for certain that we have to find a different approach.

     

    Kind regards,

    Yoni

    Expand Post
This question is closed.
Loading
Okta OIN registration - Alternatives in case of no Multi-tenant setup