
hf0ps (hf0ps) asked a question.
We are a large hosted email provider and we have a customer that wants to go with Okta for all authentication. Email webclients are not a problem, we have it figured out (we'll digest the assertion, validate SAML Subject, verify the cert, etc.). What about username/password that are provided by thick clients for IMAP/POP/SMTP Auth? We need to connect to some endpoint within the Okta cloud, where we can pass what the user entered, and get some verification back that the creds are correct, so we then let them at their mailbox. Pretty sure this is a piece of cake if Okta has the LDAP integrations set up (an LDAP v3 source exists behind Okta), but the customer has suggested they will be doing away with said LDAP v3 source. So in absence of this, there must be another endpoint and API that we can connect to. Anyone have ideas? I can't find anything on the Internet about this.

Hi @hf0ps (hf0ps), thank you for reaching out to the Okta Community!
If you federate the email provider with Okta, basic authentication might not work.
The provider/client needs to support Modern Authentication.
Basic authentication might be supported in conjunction with federation, but it's not recommended as it lowers security and defeats the purpose of using an IDP that would allow securing your environment with MFA.
You can review an in-depth discussion of this topic in this documentation.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!