Identifying users organization?

Let’s say several new users log into our web app via okta - either by coming to our app and opting to log in via okta, or by clicking the icon for our app in their okta dashboard. Let’s say these new users are all employees of the same company who have decided to use our app.

How do I know that each of these users belongs to the same organization? I have looked through the example application (the ASP.Net sample for OpenID Connect, if it matters) and inspected the data that comes back from the call to get user info, but I don’t see anything tying the user to any organization or logical group of other users. I see name and email in the claims, but that is about it.

Ideally, I would like the customer’s okta administrator to enter their license key for our product into the okta control panel for our application. Then, whenever users log into our app from that organization (provided their admin has given them access, of course), we know that those users belong to that license.


The issuer, iss, claim should tell you what okta org it came from.

I’m unsure if there is integration specific information that can be tied to the token. I’ve pinged the Okta Integration Network team here to see if they can weigh in.