Is Okta's "external IdP linkage function" really easy to use?

Introduction

This time, I would like to explain Okta's external IdP linkage function using use cases. We hope this article helps you understand the benefits of external IdP integration.

What is external IdP integration?

External IdP integration is a method of delegating Okta authentication to another IdP.

Normally the configuration is Okta (IdP) - SaaS (SP), and Okta itself performs authentication.

When external IdP linkage is used, the configuration becomes external IdP - Okta - SaaS.
In this case, from Okta's perspective the external IdP is the IdP, while from the perspective of the SaaS linked with Okta, Okta is the IdP and the SaaS is the SP.

Benefits of Okta External IdP Integration

Benefits of Okta external IdP integration include:

  • Group companies and similar organizations can keep using the IdP they had before Okta was introduced, even after its introduction, so user convenience is not impaired.
  • Okta can assign authentication to an external IdP based on user attributes, the domain of the user name, and so on, so even a group that uses several IdPs can be handled flexibly.

External IdP linkage use case

Let's take a look at some of the use cases in action.

● Use case 1: A case where specific attributes are read and authentication is delegated to each company's IdP

In the case of the above configuration, the login flow for each company's users is as follows.

[Login flow for each company]

Routing by a specific attribute (this example assumes a custom attribute named Company has been created on Okta)

Example) Company A: Company attribute = Company A, Company B: Company attribute = Company B, Company C: Company attribute = Company C

Company A (the same flow applies to each company)

  1. Access to company-wide common SaaS
  2. You will be redirected to Okta and enter your ID
  3. Redirect to Company A's IdP because the Company attribute is Company A
  4. Enter your credentials on Company A's IdP
  5. Once authentication succeeds, you are logged in to Okta and to the company-wide common SaaS

● Use case 2: A case where the domain of the user ID is read and distributed to the IdP

In the case of the above configuration, the login flow for each company's users is as follows.

[Login flow for each company]

Company A: users in the “GroupA.com” domain (the same applies to Company B)

  1. Access to company-wide common SaaS
  2. You will be redirected to Okta and enter your user ID
  3. Redirect to Company A's IdP because the domain is GroupA.com
  4. Enter your credentials on Company A's IdP
  5. Once authentication succeeds, you are logged in to Okta and to the company-wide common SaaS

Users in the “@mycorp.com” domain

  1. Access the company-wide common SaaS
  2. You are redirected to Okta
  3. Enter your credentials on Okta
  4. Login to the SaaS is completed
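To make the two routing styles concrete, here is an added Python model (not Okta's own rule engine, and not code from the original article) of how a first-match rule list decides where a user's authentication is delegated: use case 1 matches on the constructed Company attribute, use case 2 on the whole domain of the user ID, and a user matching no rule is authenticated by Okta itself. All user names, domains and IdP names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed model of the two routing-rule styles described in the article:
# route by a custom profile attribute (use case 1) and by the domain of the
# user ID (use case 2). Illustration only, not Okta's implementation.

@dataclass
class User:
    login: str                                    # user ID entered at the Okta login page
    profile: dict = field(default_factory=dict)   # e.g. {"Company": "Company A"}

@dataclass
class RoutingRule:
    name: str
    matches: Callable[[User], bool]
    idp: str                                      # name of the IdP to delegate to

def login_domain(user: User) -> Optional[str]:
    """Return the domain part of the login, lower-cased, or None if there is none."""
    local, sep, domain = user.login.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()

def attribute_rule(attr: str, value: str, idp: str) -> RoutingRule:
    # Use case 1: delegate when the custom attribute equals the expected value.
    return RoutingRule(f"{attr}={value}", lambda u: u.profile.get(attr) == value, idp)

def domain_rule(domain: str, idp: str) -> RoutingRule:
    # Use case 2: compare the whole domain, not a suffix or substring, so a login
    # such as user@groupa.com.example does not match the GroupA.com rule.
    wanted = domain.lower()
    return RoutingRule(f"domain={wanted}", lambda u: login_domain(u) == wanted, idp)

OKTA = "Okta (local authentication)"

def route(user: User, rules: list[RoutingRule]) -> str:
    """Evaluate rules in order; the first match wins, otherwise Okta authenticates."""
    for rule in rules:
        if rule.matches(user):
            return rule.idp
    return OKTA

# Constructed rule sets mirroring the two use cases.
USE_CASE_1 = [attribute_rule("Company", c, f"{c} IdP") for c in ("Company A", "Company B", "Company C")]
USE_CASE_2 = [domain_rule("GroupA.com", "Company A IdP"), domain_rule("GroupB.com", "Company B IdP")]
```

A user with no Company attribute, or a login whose domain matches no rule, falls through to Okta, which is the behaviour to check when verifying that a routing configuration does not silently send users to the wrong IdP.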

Summary

Did this help you understand the flexibility and convenience of external IdP linkage?

We believe this is a very attractive feature for companies with many group companies, so if you are interested, please feel free to contact us.


In charge of Macnica Okta Co., Ltd.
