Custom data entitlements

Hi,

How are custom data entitlements achieved with the Okta authorization solution?

Imagine the following scenario:

Service A is responsible for providing bank account balances. When a user requests to see their bank account balances, the service should respond with the bank accounts they are entitled to. If they request a set of accounts, only the ones permitted should be returned. How can I achieve this using Okta?

Can I attach custom information to the user’s information such that their entitlements are part of the authentication and authorization workflow?

Thanks in advance,
Val

1 Like

Hi @vpetrov

Based on the scenario provided, the values returned in the claims would need to be returned either from the user’s Okta profile (which would require the value to be hard coded through a update call) or by using the Token Inline Hook to bring the bank accounts from an external database and add them as claims in the JWTs.

I have a similar data requirement but in a different business context. I want to create Data Access Entitlement rules for AWS Redshift ( there is an existing Okta Redshift Integration App, which I am aware of, but my requirement is more on the object level and not the CRUD operations).

Entitlement Policies needs to be ideally a part of Group description, so thought of utilizing User Profile ( or any other solution you might suggest ) :

  • Group1-Rule1
    - Policy_Name
    - Table Name
    - Row Name
    - UserID
    - < many more, atleast 20 attributes )

Primarily, we want to use Okta because user could be assigned to these entitlement policies, with logs. Also, we want this to be exposed by /userinfo endpoints. These entitlements policies will be extracted and seeded to redshift via some microservice, further to be utilized by redshift for authorization to different views.

Any suggestions?

Thanks.