# general
m
external SSO provider (Okta) that we’d need to integrate with
Could you use the Auth0 OIDC integration, or are they using OIDC? Is this the one? https://developer.okta.com/docs/guides/build-sso-integration/openidconnect/main/ If so, they support OIDC and that integrates easily with Kratos. SAML is currently being worked on here and there is much interest from the community for it, but I recommend using OIDC when you can.
w
Thanks for the pointer, Vincent. I’ll take a look. Might be that we leave that part for later anyway. How about the other use cases I mentioned? Is the recommendation to run a separate Kratos cluster for each user type? One for each workflow?
m
You have three user types, right? You can configure a different identity schema for each (for example with a metadata field that includes the type) and then have something like Oathkeeper that routes each type of user to a different login UI/application (see this for an example - there are a few others in the repo as well), or if you also have a need for “permissions”, then I recommend looking at Ory Keto (which is also available in the Ory Cloud right now); that allows you to build more complex access control there.
Let me know if that makes some sense 🙂 You can test Ory Kratos & Keto without deploying anything in console.ory.sh or locally with the Docker Compose quickstart provided in the docs. Oathkeeper has to be self-hosted at the moment.
w
Yes, it makes sense. I have been through most of the docs and have gone through the quickstart. Right now I’m exploring integrating it with some apps. So far it has been really easy to find answers. Great job on the docs.