<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
ナビゲーションへスキップメインコンテンツへスキップ
0D54z00009JaRJMCA3Okta Classic EngineOkta Integration NetworkAnswered2023-06-22T17:30:52.000Z2023-06-13T18:58:08.000Z2023-06-22T17:30:52.000Z

YoniV.86933 (Customer) さんが質問をしました。

Okta OIN registration - Alternatives in case of no Multi-tenant setup

Hi,

 

We are currently trying to implement Okta as a possible Identity provider for our Privacy SaaS application.

 

For this we need to register our app in the Okta marketplace via the OIN manager. We started the process and already have a test version with OpenID running on our development environment against our development Okta environment.

 

However, by further filling out the OIN request and reading through the documentation, we came to the conclusion that our environment does not seem to be compatible with the multi-tenant setup of Okta.

 

We offer a multi-tenant SaaS application, but in our IAM setup we only have one Realm for all our customers (Currently), which leads to us only being able to link one Okta identity provider that should be able to access all domain separated Okta tenants of our customers. Is there a possibility for us to only have to add one identity provider for all Okta tenants, or is this inherently impossible?

 

Thanks in advance for your feedback!

 

Kind regards,

Yoni


  • NiallM.34104 (Atlas Identity)

    Hi Yoni. In short, your application must be able to support multiple IdPs ( potentially thousands depending on your customer base ) in order to allow your customers to access Privacy SaaS via their own IdPs. There are patterns you could adopt where you have a broker IdP that provides multi customer IdP integration ( such as Okta or more likely Auth0 - now Okta CIC ). Your single realm Privacy SaaS then has SSO to the broker IdP. Or you could hand off your SSO implementation to Auth0 entirely. Not as simple, but will save you engineering effort.

    投稿を展開
    最良の回答として選択済み
  • NiallM.34104 (Atlas Identity)

    Hi Yoni. In short, your application must be able to support multiple IdPs ( potentially thousands depending on your customer base ) in order to allow your customers to access Privacy SaaS via their own IdPs. There are patterns you could adopt where you have a broker IdP that provides multi customer IdP integration ( such as Okta or more likely Auth0 - now Okta CIC ). Your single realm Privacy SaaS then has SSO to the broker IdP. Or you could hand off your SSO implementation to Auth0 entirely. Not as simple, but will save you engineering effort.

    投稿を展開
    最良の回答として選択済み
  • YoniV.86933 (Customer)

    Hi @NiallM.34104 (Atlas Identity)​,

     

    Thanks for the info! That sounds like a feasible approach indeed. But now we know for certain that we have to find a different approach.

     

    Kind regards,

    Yoni

    投稿を展開
この質問は閉じられました。
読み込み中
Okta OIN registration - Alternatives in case of no Multi-tenant setup