We have an existing .NET web application (currently Framework, in the process of migration to Core), which is using Microsoft.AspNet.Identity (with SQL server, Entity Framework and cookie authentication).

I have a new client who wants to use Okta SSO for their users, but I can't find any examples or documentation that shows how this can be done in an existing app with existing identity server.

My experience so far is that if I introduce the Okta.AspNet library and add the OktaMvc middleware into my code startup, it just "takes over" all authentication. What I want is to still have my existing login page, and allow users to have two choices that they can make:

• log in with their username and password that will authenticate using our existing system, OR
• if they click a button for "SSO with Okta" (or something like that), it would take them to the Okta hosted login page, where they could log in and then get redirected back to our site, where they could be seen as "authenticated"

I'd even be happy with this particular client has a custom flow JUST for their domain (we would be running this client on their own domain), that mean that requests for this request enforce the Okta flow. But again, I can't see any example of how this could be possible, and I'm not sure if it is?

To me, this is more like "using Okta as an external provider" like we can do easily with Facebook/Twitter etc. Is that correct, and is that possible?

I found another person asking a similar question here, but I didn't find anything in the provided answer that helped answer the actual question.: https://support.okta.com/help/s/question/0D54z00007GUIQECA5/is-it-possible-to-use-membership-and-okta-singlesign-on-on-the-same-application?language=en_US

Thanks,

Bron

How can we provide this SSO feature with Okta to one client, whilst still using our exiting identity service for eveyone else?