We are trying to implement a use case where a new user created using Google IDP should be assigned to a specific group and not to all groups. Currently, the user is being assigned to all groups.
That setting should ensure that your Google users are assigned to your TenantA and TenantC groups when JIT’d into Okta (in addition to the Everyone group, of course).
Are you seeing these users assigned to other groups as well? Is it possible you have group rules that are automatically adding them to additional groups?
It is getting added to TenantA, TenantC and Everyone. But our use case is that for a single Google app there would be different groups and the user should be assigned to a specific group. E.g. User1 - TenantA, User2 - TenantC using the same app.
How we can achieve this scenario? Do we have to create separate apps for different groups?
Please help us to understand.
I’m not sure I follow how this group separation looks. So all of these users are logging in/JIT’d through the same Google Identity Provider, but within Okta they should be members of different groups? What determines which groups a given user should be a member of?
What determines which group a given user should be a member of? Suppose the URL is http://localhost:80/TenantC/login. We will determine from the URL that it corresponds to the TenantC group, and based on this, a new user will be added to the TenantC group. Is this use case possible in Okta?
I guess I don’t follow how the Identity Provider configuration within Okta could differ under these circumstances (so that one set of users could be assigned to one group and another set of users to another group).
The URL you mentioned, is that for a specific application into which these users will login?
I don’t think your use case is compatible with how we assign users to groups during Identity Provider based JIT as that will always assign all users that are JIT’d through that IdP to all the groups specified.
You may need to come up with your own way to handle this user assignment (such as having your application add the user to a group via API based on the Tenant login page they accessed).
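One way to implement the application-side assignment suggested in that last reply, as an added example that is not part of the thread and not Okta's own code: the app derives the tenant from the login path, accepts only tenants it knows (so a crafted path cannot select an arbitrary group), and then calls Okta's group membership endpoint `PUT /api/v1/groups/{groupId}/users/{userId}`. The org hostname, API token, user ID and group IDs are placeholders; the user ID is assumed to have been looked up after JIT provisioning.

```python
"""Add a JIT-provisioned Okta user to the group implied by the tenant login URL."""
import re
import urllib.request
from urllib.parse import urlparse

# Constructed mapping for this example; the group IDs are placeholders,
# not real Okta group IDs.
TENANT_GROUPS = {
    "TenantA": "00gPLACEHOLDER_TENANT_A",
    "TenantC": "00gPLACEHOLDER_TENANT_C",
}
_LOGIN_PATH = re.compile(r"^/([A-Za-z0-9_-]+)/login/?$")


def tenant_from_login_url(url):
    """Return the tenant name for a path like /TenantC/login, else None.
    Only names present in TENANT_GROUPS are accepted: the path is
    attacker-controlled input, so it never selects a group directly."""
    match = _LOGIN_PATH.match(urlparse(url).path)
    if not match or match.group(1) not in TENANT_GROUPS:
        return None
    return match.group(1)


def build_membership_request(okta_org, api_token, group_id, user_id):
    """Build the Okta API request that adds user_id to group_id."""
    url = f"https://{okta_org}/api/v1/groups/{group_id}/users/{user_id}"
    req = urllib.request.Request(url, method="PUT")
    req.add_header("Authorization", f"SSWS {api_token}")  # Okta API token scheme
    req.add_header("Accept", "application/json")
    return req


def assign_tenant_group(okta_org, api_token, user_id, login_url,
                        opener=urllib.request.urlopen):
    """Resolve the tenant from login_url and add the user to that group.
    `opener` is injectable so the flow can be exercised without network access.
    Returns the tenant name on success."""
    tenant = tenant_from_login_url(login_url)
    if tenant is None:
        raise ValueError(f"unknown tenant in login URL: {login_url!r}")
    req = build_membership_request(okta_org, api_token,
                                   TENANT_GROUPS[tenant], user_id)
    with opener(req) as resp:
        # Okta answers 204 No Content when the membership is added.
        if resp.status != 204:
            raise RuntimeError(f"group assignment failed: HTTP {resp.status}")
    return tenant
```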