I have a number of applications and a SAMLP connection that defers to Okta. The SAMLP connection is configured with a login URL that includes the Okta application ID. Okta does this to ensure that the person logging in has permissions to access that application. However, this login URL configuration is static, which means that I can only configure the connection to log in to a single application.
What I’d like to do is have the login URL be changed based on the Auth0 applications, which (more or less) are mirrored from Okta.
For instance, I have applications A and B in both Auth0 and Okta. When a person wants to log in to application A using their Okta credentials, the login URL they would be forwarded to is
https://my.okta.com/app/my_application_a/6JqDvMjDVSKNXv6C905G/sso/saml
But for application B, the URL would be different (e.g. my_application_b instead of my_application_a).
This way, I can manage user permissions in Okta through group membership which we already have set up.
Is this possible?
I’ve been playing around with adding multiple Okta connections, one for each application, and setting each application to only use its associated connection. However, that has a side effect of creating multiple Auth0 users, one per person per application, which isn’t ideal. Secondarily, how will these duplicate accounts affect MAU?