How to set an OpenID IdP to not create external users in my domain

Hi.
I have an Okta app + OpenID IdP that points to an App in a different Okta domain. This is an Okta-2-Okta integration. How can I configure the IdP so that it doesn’t create references to external users in my domain’s “Directory->People”?
The connection should be one-time only. I want only to receive an id_token/access_token of the external user and forget about it. I also don’t want to keep a session for the external user and don’t want to use the Okta API. Everything should be configured in the console.

I don’t understand. In order for the users in the source/IdP org to be able to access an app in the target/SP org, they must exist and be assigned the app in question within that target org. There is no way they can get access to the application without them being registered as a user in the second/target org.

Hi,
We just don’t want to flood our domain users with the external users received by the IdPs.
This question is somewhat similar to this one in Auth0:

Is there a way to prevent the creation of a user if they sign on using a social connection should they exist in some custom database?

The Auth0 team proposed this solution:
You might be able to interrupt the creation of the profile using a pre-registration hook. We previously did something similar to prevent new signups from grabbing the username of a not-yet-migrated user.

Is there something similar in Okta?

At this time we do not have a pre-registration hook, so I’m not aware of a way to get around this user creation occurring short of disabling JIT.
