Embedded Okta Cloud Connect (OCC)

Leverage the power of Okta and increase adoption of your SaaS application by embedding Okta Cloud Connect (OCC) into your product.

Overview

Okta offers the Okta Cloud Connect (OCC) program for ISV partners that need to connect quickly and easily to a customer’s AD infrastructure for authentication and lifecycle management support. For customers, OCC is a free offering for an unlimited time and an unlimited number of users, to be used with a single ISV application. To learn more about the OCC program, visit the Okta Cloud Connect page.

Embedded OCC takes this one step further by providing an even more seamless user experience for your customers through the following:

  1. Enhancing the Okta tenant creation experience by embedding it into your product's user interface.
  2. Programmatically instantiating the appropriate app instance in the Okta tenant without the need to go through the administrator UI.

At a high level, the runtime flow and administrator experience are as follows:

OCC High Level Diagram

In this example, the ISV is “ACME” and the customer is “mycompany”.

  1. The administrator navigates to the Okta Configuration UI in the ACME administrator console, enters the information needed to create a new Okta tenant, and hits submit.
  2. ACME uses the input to call the Okta tenant creation API (/orgs). A tenant is created. The API call returns tenant-specific information, including an API key for subsequent API access against the newly created Okta tenant.
  3. ACME uses the Okta /apps API to instantiate the appropriate app instance and exchange SAML metadata to enable Single Sign-On. Okta receives the SAML SP metadata in the request; ACME receives the SAML IDP metadata in the response.

If the customer is an existing Okta customer or already has an Okta tenant, an option should be provided to carry out step 3 only. In the diagram above, the “User Existing Okta tenant” option should prompt for tenant-specific information for app instantiation only. More details to follow.
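
For step 3 and the existing-tenant option, the ISV backend sends an API key to a tenant address that came from a form field, so the address should be validated first. The following is an added example, not code from Okta or from the original page. It assumes the accepted domain suffixes listed in the code, the `/api/v1/apps` path and `SSWS` authorization scheme of Okta's API, an app definition passed through as an opaque body, and hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

# Assumption: the Okta-hosted domains this integration accepts for tenants.
ALLOWED_SUFFIXES = ("okta.com", "oktapreview.com")
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def tenant_base_url(user_input: str) -> str:
    """Return the canonical https://<subdomain>.<okta-domain> URL or raise ValueError."""
    raw = user_input.strip()
    if "://" not in raw:
        raw = "https://" + raw
    parts = urlsplit(raw)
    if parts.scheme != "https":
        raise ValueError("tenant URL must use https")
    # Userinfo, odd ports, paths and queries are how look-alike URLs get through.
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("expected a bare tenant URL")
    host = (parts.hostname or "").lower()
    for suffix in ALLOWED_SUFFIXES:
        if host.endswith("." + suffix):
            subdomain = host[: -(len(suffix) + 1)]
            if _LABEL.fullmatch(subdomain):  # exactly one DNS label
                return f"https://{subdomain}.{suffix}"
    raise ValueError("not an Okta tenant hostname")


def build_apps_request(base_url: str, api_token: str, app_definition: dict) -> dict:
    """Describe the app-instantiation call without sending it."""
    return {
        "method": "POST",
        "url": base_url + "/api/v1/apps",
        "headers": {
            "Authorization": "SSWS " + api_token,
            "Content-Type": "application/json",
        },
        "json": app_definition,
    }


def redacted(request: dict) -> dict:
    """Copy of the request that is safe to log: the API key is masked."""
    headers = dict(request["headers"], Authorization="SSWS ***")
    return dict(request, headers=headers)
```

Pass only the value returned by `tenant_base_url` to the HTTP client, and log `redacted(request)` rather than the request itself.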

Implementation Steps

Obtain API access for tenant creation

Any ISVs interested in Embedded-OCC should contact Okta (