Auth0 + Okta INTEGRATION (for multiple Okta organizations)

Hey folks! I’m having trouble creating an Okta integration. (Okta instructions here)

To be clear, what I mean by an integration is a published integration to the Okta Integration Network, that our customers can then connect their Okta instances to. Not a connection that only supports a single Okta tenant.

Requirements:

  • must use SAML
  • must work for different Okta tenants

The best instructions I’ve come across are these, for using Okta as an IdP and Auth0 as a Service Provider. Note that the Okta information is dependent on a single connection, so that makes it unlikely to scale to n connections.

That’s close to what we need, but the problem is that setup requires the Auth0 SAML Connection sign-in URL, which is specific to 1 Okta tenant. I’m looking for an approach that will allow easy integration from Okta’s Integration Network into our SaaS application.

Any ideas?

Hi @alex38,

Welcome to the Auth0 Community!

As you’ve noted, there are two parties involved in this setup, “Okta as the IdP and Auth0 as a Service Provider.” The Okta Integration would make it easier for your customers to allow users from their Okta org to connect to your applications, and will require a configuration by each of your customers using this integration for each separate Okta org. From the documentation that you linked:

An Okta org acts as a container that sets hard boundaries for all users, applications, and other entities associated with a single customer, providing tenant-based isolation. In developing your SSO app integration, the customer’s Okta org serves as the IdP (SAML).

On the Auth0 side, this will require a SAML enterprise connection be configured for each of your customer’s Okta orgs since these are all separate containers of users.

Here is our documentation on how to configure Okta as your SAML IdP.

2 Likes

Thanks for the reply @eric.culley!

I think the key part that I’m confused about is that the single sign on URL, required in an Okta integration, contains the connection name, in Auth0.

How could I create a generic solution given that constraint?

Perhaps that is more of an Okta challenge than an Auth0 one

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.