I’ve created an IDP for Google using the following scopes:
openid
profile
email
https://www.googleapis.com/auth/admin.directory.group
And expected to be able to map the attribute from the admin.directory.group to a field for the General Profile but when I go to add a custom attribute it does not show as an option. Am I missing something?
On the Identity Providers page, if you click on Configure → Edit Profile and Mappings did you create a custom attribute to map to the claim returned by that scope? I believe the “External name” needs to match the name of the claim in the id token.
Looks like when you use the Google social identity provider you’re stuck with a limited list of attributes.
You can try setting up a generic OIDC identity provider which will allow you to add custom attributes.
https://developer.okta.com/docs/guides/add-an-external-idp/openidconnect/configure-idp-in-okta/
Thanks, this gives me the flexibility that I was looking for so now it looks like I need to start digging into a way to map values to the userinfo endpoint from Google into the Okta User Profile. Specifically I’m looking into trying to get Roles and Groups. If anyone has information I would appreciate it.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.
