I have a simple AWS Lambda app. I need to front it with SSO; our IdP provider is Okta. The app is rarely used by a large number of employees. What would be the easiest way to do that without additional expenses and InfoSec complications (Amazon Cognito, ...)?
Note: You have in parentheses (Amazon Cog[n]ito, ...). I assume you are supplying Amazon Cognito as something you are considering, not something you want to avoid.
I think a relatively easy and cost-effective way would be to:
There will be some cost associated with the user pool and API, but I think this will be small compared to the complexity you would have to assume by handling all the SAML flows in your own code.