We have Okta with AD (Active Directory) integration. Added a dotnet application to sign in with Okta. App login works fine. But we are getting only ‘username’ in the claims. We need to get the ‘Sid’ and ‘LoginName’ also in the claims. Those are the AD properties of a user.
How to get the AD attributes as claims from Okta token?
First, you want to verify that these AD attributes are mapped from the AD user profile to the Okta user profile. This can be done with the profile editor, found under Directory > Profile Editor.
From the Okta user profile these attributes should then be mapped to the .NET OIDC application user profile in Okta, also done with the profile editor.
If you are using a custom authorization server (Security > API > Authorization Servers) for the .NET application, you can then map these attributes to claims in either or both of the ID and access tokens.
If you are using the Org authorization server, whether the attributes show up or not depends on whether an implicit flow is used. In the case where the implicit flow is not used (recommended), then in order to retrieve a user's full profile, the /userinfo endpoint will need to be called.
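As an added example that is not part of the original question or answer, here is the ASP.NET Core side that consumes those mappings. It signs in with the authorization code flow and, so that it behaves the same against a custom authorization server (attributes already in the ID token) or the Org authorization server (thin ID token, attributes only from /userinfo), it asks the middleware to call /userinfo and maps the custom keys explicitly: the OpenID Connect handler keeps only a default set of /userinfo keys (sub, name, email and a few others) and silently drops the rest. The Okta domain, client credentials and the attribute names `Sid` and `LoginName` are placeholders and assumptions; the Okta-side profile mappings described in the answer still have to exist, and the JSON keys must match the attribute variable names chosen in the profile editor. Requires the Microsoft.AspNetCore.Authentication.OpenIdConnect package.

```csharp
// Added example, not code from the original post. Placeholders in braces and the
// attribute names "Sid" and "LoginName" are assumptions; adjust them to your org.
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Custom authorization server: claims mapped under Security > API > Authorization
// Servers arrive in the ID token directly. For the Org authorization server use
// "https://{yourOktaDomain}" instead; with the code flow its ID token is thin and
// the attributes only come back from /userinfo.
const string Authority = "https://{yourOktaDomain}/oauth2/default";

builder.Services.AddAuthorization();
builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = Authority;
        options.ClientId = "{clientId}";
        options.ClientSecret = "{clientSecret}";
        // Authorization code flow (response_type=code), not implicit.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.Scope.Add("openid");
        options.Scope.Add("profile");

        // Fetch the full profile from /userinfo after the token exchange.
        options.GetClaimsFromUserInfoEndpoint = true;

        // Only a default set of /userinfo keys survives (sub, name, email, ...);
        // custom keys are discarded unless mapped. MapUniqueJsonKey adds the claim
        // only if the ID token did not already carry it, so there are no duplicates
        // when a custom authorization server puts it in the token as well.
        options.ClaimActions.MapUniqueJsonKey("Sid", "Sid");
        options.ClaimActions.MapUniqueJsonKey("LoginName", "LoginName");

        // Check: log which keys /userinfo actually returned, to tell a mapping gap
        // in the Okta profile editor apart from a mapping gap in this middleware.
        options.Events = new OpenIdConnectEvents
        {
            OnUserInformationReceived = ctx =>
            {
                var keys = ctx.User.RootElement.EnumerateObject().Select(p => p.Name);
                ctx.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("OktaUserInfo")
                    .LogDebug("/userinfo keys: {Keys}", string.Join(", ", keys));
                return Task.CompletedTask;
            }
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Shows what ended up in the signed-in principal.
app.MapGet("/whoami", (ClaimsPrincipal user) => new
{
    username = user.FindFirst("preferred_username")?.Value,
    sid = user.FindFirst("Sid")?.Value,
    loginName = user.FindFirst("LoginName")?.Value,
}).RequireAuthorization();

app.Run();
```

If `/whoami` still shows `null` for the two attributes, the debug log from `OnUserInformationReceived` tells you where the gap is: if the keys are missing from the /userinfo response, the AD-to-Okta or Okta-to-app profile mapping (or the scopes/claims on a custom authorization server) is incomplete; if they are present there but absent from the principal, the claim mapping in the middleware does not match the key names.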