Identity Provider for specific groups

Hi there

I’ve setup Google as an Identity Provider, but I only want it available to certain groups in my account. Since using a Google account counts as self-registration, I only want certain groups to be able to register on their own.

I noticed this thread has a screenshot of modifying groups for google IdP, but I can’t track that screen down. Is this possible? I figured it would be under my application sign-on settings, like multifactor, but it’s not there.

Thanks.

I think you could use the user matches rule in the IdP discovery config (feature flag needs to be enabled by support to see this Routing Rules tab):

https://help.okta.com/en/prod/Content/Topics/Security/Identity_Provider_Discovery.htm

The screenshot if from the assignment groups of the IdP configuration (https://support.okta.com/help/s/article/40561903-Configuring-Inbound-SAML):

Group Assignment Option 2: Assign to specific groups

Assign each user to the group(s) listed in the Specific Groups field. You must enter one or more groups in the field.

User-added image