Hi, we have an in house application where the users (and groups) are already managed by Okta.
We would like to add permissions that will be managed in Okta by the applications’ admins.
I’m wondering about the best approach for this.
What I’ve tried so far is creating custom attributes for the application, with group permissions, user permissions, and an override checkbox (user permissions are only applied if the override checkbox is checked). This is since an attribute can be only for groups or only for users:
Then I went to “Authorization Servers” and added a custom claim for each of the above which is always included in the token.
I have several issues:
- Is this the best approach?
- In order for this to only be part of the token once the user logs in to my specific app, I probably need to add a custom scope. Is there a way to configure this claim to be included only for a specific app?