Okta Classic Engine | Integrations | Answered | 2024-04-03T16:09:08.000Z | 2024-03-14T17:09:14.000Z | 2024-03-19T18:41:43.000Z

MatthewH.10249 (State of Iowa) asked a question.

What are the downsides for setting up Org2Org between two independent companies?

We have our own two Okta tenants for Workforce and one for Customers and have them connected via Org2Org so that our Workforce tenant users have accounts in the Customer tenant. We have had this working for several years and doing what we need it to do. Recently a 3rd party app provider that uses Okta for their app would like to allow some of our users to access their app/service. If we were to set up an Org2Org pushing a select group of users from our Okta WFI tenant to their Okta tenant, is this a best practice, and what are the downsides to this design?


  • Mihai N. (Okta, Inc.)

    Hi Matthew, Thank you for reaching out to the Okta Community! 

     

    At first glance, I would say that there are no downsides to this, especially if you are dealing with a select group of users that would just have access to the downstream app, not their org to your environment.

    You might have to consider if HIPAA or FedRAMP comes into play in any way and if that would cause any conflicts between the environments.

    Another thing that comes to mind is parity between password policies (I've seen provisioning fail due to password complexity mismatch) and authentication policies. For example, if it would imply having the users have to enroll additional MFAs.

    That being said, I would still recommend opening a ticket with my colleagues from the Support Team to have a look with you at the desired use case, just to be sure.

     

    We'll also leave this Question open for other members in the Community that might have implemented something similar, if they can provide some additional insight.  

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    Selected as Best
This question is closed.
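
The password-complexity mismatch mentioned in the answer can be checked before any users are pushed. The following is an added example, not part of the original thread and not Okta's code: it compares the complexity settings of the sending and receiving orgs and lists every rule where the receiving org is stricter. The sample policies are constructed, and the field names are assumed to match the `settings.password.complexity` object of an Okta password policy.

```python
"""Added example: compare password complexity rules before an Org2Org push."""

# Constructed sample policies. Field names are assumed to follow the
# settings.password.complexity object of an Okta password policy.
SOURCE_POLICY = {"minLength": 8, "minLowerCase": 1, "minUpperCase": 1,
                 "minNumber": 1, "minSymbol": 0, "excludeUsername": True}
TARGET_POLICY = {"minLength": 12, "minLowerCase": 1, "minUpperCase": 1,
                 "minNumber": 1, "minSymbol": 1, "excludeUsername": True}

# Numeric rules: a higher value in the target means a stricter rule.
MINIMUM_FIELDS = ("minLength", "minLowerCase", "minUpperCase",
                  "minNumber", "minSymbol")
# Boolean rules: True in the target only means a stricter rule.
BOOLEAN_FIELDS = ("excludeUsername",)


def complexity_gaps(source, target):
    """Return (field, source_value, target_value) for each rule where the
    target org is stricter than the source org.

    A password that is valid in the source org can be rejected by the
    target org for any rule listed here. Missing fields count as "no rule".
    """
    gaps = []
    for field in MINIMUM_FIELDS:
        src, dst = source.get(field, 0), target.get(field, 0)
        if dst > src:
            gaps.append((field, src, dst))
    for field in BOOLEAN_FIELDS:
        src = bool(source.get(field, False))
        dst = bool(target.get(field, False))
        if dst and not src:
            gaps.append((field, src, dst))
    return gaps


def push_is_safe(source, target):
    """True when every source-valid password also satisfies the target rules checked here."""
    return not complexity_gaps(source, target)


if __name__ == "__main__":
    for field, src, dst in complexity_gaps(SOURCE_POLICY, TARGET_POLICY):
        print(f"{field}: source={src} target={dst} (target is stricter)")
```
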