Our organization is using Okta for our single sign-on solution (of course). Users need to be restricted to viewing their own account information. For example, if a user’s account is 123456, I want them to only be allowed to view data associated with account 123456. They should not be able to view account 98765 (and so on).
What is the best way to tackle this with Okta? Should I enhance the token with the desired account number? Should I create dynamic scopes? Any guidance or best practice here would be appreciated. I will be utilizing Java/Groovy and the Spring Framework. Thanks!
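One way to enforce the "only your own account" rule server-side, as an added example that is not part of the question or of Okta's or Spring's own code: the account number is taken from a signed claim in the Okta access token and compared against the requested resource, so a caller cannot reach another account by editing the URL. It assumes Spring Boot 3 / Spring Security 6, a resource server configured with Okta's issuer via `spring.security.oauth2.resourceserver.jwt.issuer-uri`, and a custom claim named `accountNumber` (hypothetical name) added to the access token on the Okta authorization server.

```java
// Added example (not from the question). Assumes the Okta authorization server
// adds a custom claim "accountNumber" (hypothetical name) to the access token and
// that spring.security.oauth2.resourceserver.jwt.issuer-uri points at the Okta issuer.
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;

@Configuration
@EnableMethodSecurity
class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Every request must carry a valid Okta-issued JWT; signature and issuer
        // are checked by the resource-server support before any controller runs.
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }
}

@RestController
@RequestMapping("/accounts")
class AccountController {

    // Path-based variant: the principal is the validated Jwt, so the comparison is
    // between the signed claim and the requested id. A mismatch is rejected with 403
    // before the method body executes.
    @GetMapping("/{accountId}")
    @PreAuthorize("#accountId == principal.claims['accountNumber']")
    public Map<String, Object> getAccount(@PathVariable String accountId) {
        return Map.of("account", accountId);
    }

    // Preferred variant: do not accept an account id from the request at all.
    // Derive it from the token, leaving nothing for the caller to tamper with.
    @GetMapping("/me")
    public Map<String, Object> myAccount(@AuthenticationPrincipal Jwt jwt) {
        String account = jwt.getClaimAsString("accountNumber");
        return Map.of("account", account);
    }
}
```

Per-account dynamic scopes are not needed for this: scopes describe what kind of access a client may have, while which account the user belongs to is identity data that belongs in a claim and is checked against every data access on the server.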