0

I have been able to successfully integrate Okta authorization into our application, either by using the Okta plug-in on a custom login-to-okta.html page or by checking the StatusCode from the PostResponse(url As String, content As String, ByRef statusCode As HttpStatusCode) As Byte() function provided through the StackOverflow site.

The problem I have with both of these methods is that this is only authenticating the user; it is not checking to see if the user has access to the app, and in fact, in neither of these cases are we able to pass to Okta any application-specific info.

I would much prefer using the plug-in, but either method is acceptable provided we can authenticate a user’s ability to access the app that is managed in that user’s profile in Okta.

BTW, I had emailed Okta support but have not received a reply as yet.

Thanks In Advance

John Waller

1 Answer

-1

Basically Okta and an IDP is primarily designed to tell you who the user is via a SAML assertion. If they are getting successfully authenticated into your app and they shouldn't be, you should not permit them via the Okta application or you should implement some check at the point of authentication.

Michael Cizmar
  • Maybe you'll know how to answer this one as well: https://stackoverflow.com/questions/66540973/assigning-okta-application-to-authorization-server – CodeMonkey Mar 09 '21 at 05:03
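
One way to implement the "check at the point of authentication" that the answer mentions, as an added example (not code from the question, the answer, or Okta). It assumes the application receives an OIDC ID token whose signature has already been verified, and that the Okta app is configured to emit a `groups` claim; the issuer, client ID, group names and function names are constructed placeholders.

```python
import time

# Constructed placeholder values (assumptions, not taken from the page)
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "0oa-constructed-client-id"
ALLOWED_GROUPS = {"crm-users"}

class AccessDenied(Exception):
    """The user is authenticated but not authorized for this application."""

def _as_set(value):
    # A claim may arrive as one string or a list; anything else counts as empty.
    if isinstance(value, str):
        return {value}
    if isinstance(value, (list, tuple, set)):
        return {v for v in value if isinstance(v, str)}
    return set()

def authorize_login(claims, issuer, audience, allowed_groups, now=None):
    """Authorization step run after signature verification (not shown here).

    Returns the subject on success and raises AccessDenied otherwise.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise AccessDenied("token came from a different issuer")
    # The audience check is what ties the login to *this* application.
    if audience not in _as_set(claims.get("aud")):
        raise AccessDenied("token was issued for a different application")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AccessDenied("token is expired or has no expiry")
    # Fail closed: a missing or empty groups claim means no access.
    if not _as_set(claims.get("groups")) & set(allowed_groups):
        raise AccessDenied("user is not assigned to this application")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise AccessDenied("token has no subject")
    return sub

# Constructed sample claims for a user who is in an allowed group
SAMPLE_CLAIMS = {
    "iss": ISSUER, "aud": CLIENT_ID, "exp": 1_700_003_600,
    "sub": "00u-constructed-user", "groups": ["Everyone", "crm-users"],
}
```

A user who signs in successfully but lacks the required group is rejected here, which is the distinction between authentication and authorization that the question runs into.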