Hey folks! I’m having trouble creating an Okta integration. (Okta instructions here)
To be clear, what I mean by an integration is a published integration to the Okta Integration Network, that our customers can then connect their Okta instances to. Not a connection that only supports a single Okta tenant.
Requirements:
must use SAML
must work for different Okta tenants
The best instructions I’ve come across are these, for using Okta as an IdP and Auth0 as a Service Provider. Note that the Okta information is dependent on a single connection, so that makes it unlikely to scale to n connections.
That’s close to what we need, but the problem is that setup requires the Auth0 SAML Connection sign-in URL, which is specific to 1 Okta tenant. I’m looking for an approach that will allow easy integration from Okta’s Integration Network into our SaaS application.
As you’ve noted, there are two parties involved in this setup, “Okta as the IdP and Auth0 as a Service Provider.” The Okta Integration would make it easier for your customers to allow users from their Okta org to connect to your applications, and will require a configuration by each of your customers using this integration for each separate Okta org. From the documentation that you linked:
An Okta org acts as a container that sets hard boundaries for all users, applications, and other entities associated with a single customer, providing tenant-based isolation. In developing your SSO app integration, the customer’s Okta org serves as the IdP (SAML).
On the Auth0 side, this will require that a SAML enterprise connection be configured for each of your customers' Okta orgs, since these are all separate containers of users.
Here is our documentation on how to configure Okta as your SAML IdP.