Marina Gurevich

Reputation: 61

AD B2C integration with OKTA when OKTA is external IDP

We have a requirement to integrate ADB2C with Okta as an external Identity Provider. There are 3 use cases I see:

  1. Okta has users in the directory and those are users local to Okta.
  2. Okta has users imported from the on-prem Active Directory and authenticated with AD credentials via Okta.
  3. Okta has an Azure AD or other IDP configured as an external IDP (SAML or OIDC). To authenticate those users, the Okta /authorize URL endpoint needs to be called, and on each successful authentication an external IDP user becomes a JIT (just-in-time) Okta user, from what I've read in the Okta docs.

I was able to set up B2C integration with Okta for #1 and #2 via B2C custom policies. However, for #3 I am wondering if it's even possible, and if yes, then how. In this case Okta would be getting a token from an external IDP and then somehow forwarding that token to AD B2C, and B2C would return it to the client. Has anyone had a similar experience/requirement?

Upvotes: 0

Views: 701

Answers (1)

Pruthvi Raj Nadimpalli

Reputation: 1373

Okta will not forward the token from its external IDP to Azure B2C; instead it will generate its own token and pass it to Azure B2C.

If you need the actual token from Okta's external IDP, you will need to use the following API: https://developer.okta.com/docs/reference/api/idps/#social-authentication-token-operation

Upvotes: 1
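To make the answer's point concrete, here is an added example (not code from the question, the answer, or Okta/Microsoft): a small claim-inspection helper that shows why the token B2C receives in case #3 carries Okta as `iss`, not the upstream IDP. Issuer values, the `idp` claim and the token contents are constructed placeholders; the helper only decodes claims and does not verify signatures (B2C does that against Okta's metadata/JWKS).

```python
import base64
import json

# Constructed placeholder issuers (not real Okta or Azure AD values).
OKTA_ISSUER = "https://example-org.okta.com/oauth2/default"
UPSTREAM_ISSUER = "https://login.microsoftonline.com/<tenant-id>/v2.0"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build a header.payload.signature sample with a dummy signature (constructed)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.dummysig"


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; no signature verification."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issued_by_okta(token: str, expected_issuer: str = OKTA_ISSUER) -> bool:
    """True only if 'iss' is the Okta authorization server the B2C policy trusts."""
    return decode_claims(token).get("iss") == expected_issuer


# Shape of the token Okta mints after a federated (JIT) login: Okta is the issuer;
# the 'idp' claim naming the upstream provider is an assumption of this sample.
okta_token = make_unsigned_token({
    "iss": OKTA_ISSUER, "sub": "00u-example", "aud": "b2c-client-id",
    "idp": "0oa-example-upstream-idp", "email": "user@example.com",
})
# Shape of the token the upstream IDP issued to Okta; B2C never receives this one.
upstream_token = make_unsigned_token({
    "iss": UPSTREAM_ISSUER, "sub": "abc", "aud": "okta-app-id",
})
```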
