We have a SaaS application that can currently use Azure AD as an Identity Provider for SSO. The SaaS application is using OIDC to federate to Azure AD. As an identifier to map the authenticated user from Azure AD, the SaaS application is using the claim “oid”, which is the “Object ID” of a resource in Azure AD.
To migrate from Azure AD to Okta, I tried to provide an additional claim for the corresponding Authorization Server in Okta. However, when trying to add the claim “oid”, it is not possible to include “oid”, as it is a “Reserved claim” in Okta (Token inline hook reference | Okta Developer).
I can’t seem to find any further explanation or details about “Reserved claims” and how each claim can be included in a token. For the “oid” claim I cannot figure out, how Okta can provide this claim.
Thus, my questions are:
Is “oid” a claim that is included in a specific scope? Or are there any other details about “Reserved claims” in Okta that I cannot find?
Is there any other way, how I can include the “oid” claim in a token for OIDC?
Hi @louie, thanks for your response.
Yes, there is an application that is expecting the oid value and that implemented only Azure AD in mind as an available IDP.
We want to showcase customers of that application that they can use Okta as an IDP and manage their identities solely with Okta instead, so I’m not looking to pull this value in from Azure.
Is there any possibility to provide the “oid” claim with an unique identifier for a user?
Hi @sigama, thanks for the clarification. I will note this limitation that Okta cannot provide “oid” as a claim.
I will try to contact the developers of the application to integrate.
Out of interest: Is there any further information about the reserved claims beside the link you provided and more information of each one of them, if we encounter issues with them in the future?