Admin portal giving access denied through IDP


I have a strange problem which I haven’t figured out what is causing it.

Use case is following:

  • I have set up Azure AD as a 3rd party IDP (OIDC).
  • Through this IDP users can log in using their company credentials.
  • Some users also have group memberships in Okta that provide elevated access (Site admins).

The IDP works when authenticating into downstream applications, but whenever trying to log in to the admin portal, it fails with Error 403.

What I have done so far:

  • I have set up the redirect URIs in Azure AD to include both the custom URL and the default -Callback URLs.
  • I have checked that the Admin portal application is published to the elevated group.
  • I have checked that the user is part of the group.
  • User creation through JIT and user linking is working.

Not sure what to check next, because I’m not even receiving anything else than “SUCCESS” messages to the system log…

If you check the admin application in the Okta Admin console and click on assignments, do you see these users assigned to the application?

