we use Okta as an authentication server for single-sign on, every application we have is connected with Okta.
Okta has an API feature where it provides operations to manage users in the organization. As for integration, Okta can be implemented with oauth2.0 as shown here: https://developer.okta.com/authentication-guide/implementing-authentication/
My question is, what is the best option to integrate icingaweb with Okta? should I setup icinga for basic authentication (external), and create a proxy to direct traffic to Okta, or should I go for a more secure option such as LDAP or Active Directory?
I believe you kind of answered your own question in there.
As you already have an SSO and want a secure way, your best way is to use the OKTA Directory-as-a-service and connect the IcingaWeb2 to that LDAP connection.
I’d say none of us here ever used Okta, but hearing that there is an LDAP/AD interface exists would make the connection. Check the docs for specific attributes, the settings for LDAP can be specified as resource and auth provider.
I doubt that a step-by-step guide exists, and personally, I don’t like the way of asking for that every time in this open source community. I’d suggest to try things as suggested and learn as you test things.