Problem statement
This article discusses the best approach for switching the Dashboard SSO IdP from One Account (OIDC) to Okta (SAML) while keeping all existing tenant members and avoiding disruption.
More context:
- The switch is motivated by a business acquisition.
- The email domain is also being changed (from @company1.com to @company2.com).
- The protocol is also being switched (from OIDC to SAML).
Solution
Due to the number of changes, the best solution is to create a separate connection that replaces the older connection.
- Add a new SSO connection with Okta (SAML). Enable Home Realm Discovery (HRD) for the @company2.com email domain.
- Confirm the new connection is functional.
- Delete the current SSO connection with One Account (OIDC), which has HRD enabled for the @company1.com email domain.
If the protocol is not changed, modifying the existing connection to point to the new Okta IdP may be another option.