Custom Login page for OKTA
Hello,
We are currently using OKTA SSO for authentication. When users access our portal, they are redirected to the Okta login page, and after authentication, they are redirected back to our application.
The requirement is to build a custom login page within our application itself. When a user accesses the application, this custom login page should be displayed, and there should be no redirection to Okta. Instead, authentication should happen seamlessly in the background with Okta. Is this possible in Pega 23?
@BOUANENEM Yes, it is possible to create a custom login page in your application while using Okta for authentication in Pega 23. You can achieve this by implementing the Resource Owner Password Credentials (ROPC) flow, where the custom login page collects the user's credentials and sends them directly to Okta's token endpoint for authentication. Upon successful authentication, Okta will return an access token and other details, which your application can use to create a user session. This approach avoids redirecting users to the Okta-hosted login page, as all authentication happens in the background. However, this method requires strict adherence to security best practices, such as using HTTPS, storing credentials securely, and complying with your organization's security policies, as ROPC flow exposes user credentials to the client application. Before implementing, verify that your Okta setup supports ROPC and consider consulting Okta documentation or your security team to ensure compliance.
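The token exchange described in the reply above, as an added example that is not part of the original thread and not Pega or Okta code. It builds the password-grant request server-side, refuses non-HTTPS endpoints, keeps the password and client secret out of logs, and maps Okta's error responses to generic user messages. The `example.okta.com` domain, the `/oauth2/default/v1/token` path for the tenant's authorization server, the client values, and all function names are assumptions.

```python
import base64
import json
from urllib.parse import parse_qsl, urlencode, urlsplit

class TokenError(Exception):
    """Carries the OAuth error code (for logs) and a generic message (for the user)."""
    def __init__(self, code, user_message):
        super().__init__(code)
        self.code, self.user_message = code, user_message

def build_ropc_request(token_url, client_id, client_secret, username, password, scope="openid"):
    """Build (url, headers, body) for a password-grant token request; nothing is sent."""
    parts = urlsplit(token_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("token endpoint must be an https:// URL")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": scope})
    return token_url, headers, body

def log_safe(headers, body):
    """Copy of the request with the password and client secret removed, for logging."""
    form = {k: "[redacted]" if k == "password" else v for k, v in parse_qsl(body)}
    return {"headers": {**headers, "Authorization": "Basic [redacted]"}, "form": form}

def parse_token_response(status, raw_body):
    """Return the token fields on success, otherwise raise TokenError."""
    try:
        data = json.loads(raw_body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        raise TokenError("bad_response", "Sign-in is currently unavailable.")
    if status == 200 and data.get("access_token"):
        return {"access_token": data["access_token"], "expires_in": data.get("expires_in")}
    code = data.get("error", "unknown_error")
    if code == "invalid_grant":  # wrong username/password
        raise TokenError(code, "Invalid username or password.")
    # e.g. unsupported_grant_type / unauthorized_client: password grant not enabled for this client
    raise TokenError(code, "Sign-in is currently unavailable.")

if __name__ == "__main__":
    # Constructed sample values; example.okta.com is a placeholder domain.
    url, headers, body = build_ropc_request(
        "https://example.okta.com/oauth2/default/v1/token",
        "client-id-placeholder", "client-secret-placeholder", "alice@example.com", "s3cret&pw")
    print(url, log_safe(headers, body))
    print(parse_token_response(200, '{"token_type":"Bearer","access_token":"tok","expires_in":3600}'))
```

The request must be sent from the application server, never from browser script, so the client secret stays off the client.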