When an Okta Workforce connection is enabled for an SPA, does that SPA try both the Auth0 Username-Password authentication AND the Okta Workforce authentication flows? Or is it just one authentication flow and, if that succeeds, the other connection is not attempted?
Basically, depending on how you set up the connection, you would have 2 approaches:
- The enterprise connection can be set up either as a button or using HRD (Home Realm Discovery). If the connection is set up as a button, the user would need to click on it and authentication will be performed (using the Okta Workforce connection) and the database connection will be ignored.
- If HRD is set up on the connection, whenever a user tries to authenticate using a domain inside the HRD list, they will be redirected to the respective IdP using the created connection (Okta Workforce) and the database connection will be ignored.
If a user already has an email that is associated with an Auth0 Username-Password based account, then would I need to manually ask the user to log into Okta so I know they also have an Okta account, or is there some API from Okta (like the Auth0 Management API) that would let me find that information during a login attempt?
You should be able to perform an API request using an action or within your application in order to retrieve a user to see if they also have an identity there. Otherwise, for you to link these accounts, they must have authenticated through the Okta Workforce connection.
Kind Regards,
Nik
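
The API request from an action mentioned in the answer could look like the following post-login Action. This is an added example, not part of the original posts and not Auth0's or Okta's own code. The secret names `OKTA_DOMAIN` and `OKTA_API_TOKEN`, the `okta_identity_hint` metadata key and the injectable `fetchImpl` parameter are assumptions made for illustration.

```javascript
// Assumed Action secrets (hypothetical names): OKTA_DOMAIN, e.g. "example.okta.com",
// and OKTA_API_TOKEN, a read-only Okta API token.

// Build the Okta Users API search URL for an exact profile.email match.
function buildOktaLookupUrl(oktaDomain, email) {
  const quoted = email.replace(/(["\\])/g, "\\$1"); // keep the filter string intact
  const search = `profile.email eq "${quoted}"`;
  return `https://${oktaDomain}/api/v1/users?limit=2&search=${encodeURIComponent(search)}`;
}

// Only database-connection logins with a verified email are worth looking up.
function isLookupCandidate(event) {
  return event.connection.strategy === "auth0" &&
    Boolean(event.user.email) && event.user.email_verified === true;
}

// Exactly one ACTIVE Okta user with this email counts as a match.
function hasSingleActiveMatch(oktaUsers, email) {
  const hits = oktaUsers.filter((u) => u.status === "ACTIVE" &&
    u.profile && String(u.profile.email).toLowerCase() === email.toLowerCase());
  return hits.length === 1;
}

async function onExecutePostLogin(event, api, fetchImpl = fetch) {
  if (!isLookupCandidate(event)) return;
  const url = buildOktaLookupUrl(event.secrets.OKTA_DOMAIN, event.user.email);
  const res = await fetchImpl(url, {
    headers: {
      Authorization: `SSWS ${event.secrets.OKTA_API_TOKEN}`,
      Accept: "application/json",
    },
  });
  if (!res.ok) return; // fail open: the lookup is a hint, never a login gate
  const match = hasSingleActiveMatch(await res.json(), event.user.email);
  // Record the hint only. An email match does not prove ownership of the Okta
  // account; linking still requires the user to authenticate through the
  // Okta Workforce connection, as the answer above states.
  api.user.setAppMetadata("okta_identity_hint", match);
}

if (typeof module !== "undefined") module.exports = { onExecutePostLogin };
```

The application can read the hint and prompt the user to sign in through the Okta Workforce connection before any linking is attempted.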