Is it good practice to keep a separate internal user profile for my users while using OKTA for authentication and authorization only?

Forgive the noob question, I’m trying to properly frame the appropriate use of OKTA inside my projects.

Say, your users enter a lot of profile data into your app that results in a large JSON object (many fields, many objects, many arrays of data that is not related to authentication or role-based authorization). My current thinking suggests it makes sense to keep that data inside my own database and not put it in the users’ OKTA profile.

So, I would, for example, associate the sub returned from OKTA with the respective internal user’s profile in my database.

So, my users would authenticate via OKTA, and after that, I pull any of their additional information out of my own database.

Is this good practice? Or is it better practice to consolidate everything regarding user profiles into OKTA?

I’d say, if all of that information is relevant only for a particular application, then keep it locally. But if you have multiple applications which need a shared piece of information, it’d be beneficial to have it in Okta, so that you “change it once in one place”. An example of last name may be a good case. If a user changes their last name, you would need to change it in every system keeping its data locally vs having it in the cloud/shared storage. I hope it helps.
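
The split discussed in this thread, as an added example that is not from either poster or from Okta: app-specific data lives in a local table keyed by the token's issuer and `sub`, while shared attributes such as last name are read from the claims on each login. The table layout, function names and sample claims are assumptions, and the claims are assumed to come from an ID token that has already been validated.

```python
import json
import sqlite3

# Assumed (hypothetical) schema: one row per identity, keyed by issuer + sub,
# because a sub is only guaranteed unique within the issuer that minted it.
SCHEMA = """
CREATE TABLE IF NOT EXISTS user_profile (
    issuer TEXT NOT NULL,
    sub    TEXT NOT NULL,
    data   TEXT NOT NULL DEFAULT '{}',
    PRIMARY KEY (issuer, sub)
)"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def profile_for(db, claims):
    """Merged view for already-validated claims; creates the local row on first login."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if not iss or not sub:
        raise ValueError("claims missing iss or sub")
    db.execute("INSERT OR IGNORE INTO user_profile (issuer, sub) VALUES (?, ?)",
               (iss, sub))
    row = db.execute("SELECT data FROM user_profile WHERE issuer = ? AND sub = ?",
                     (iss, sub)).fetchone()
    return {
        "sub": sub,
        "family_name": claims.get("family_name"),  # shared attribute: read from the IdP
        "app": json.loads(row[0]),                  # app-specific data: stored locally
    }

def update_app_data(db, claims, patch):
    """Merge app-specific fields; the row key always comes from the claims, never the patch."""
    current = profile_for(db, claims)["app"]
    current.update(patch)
    db.execute("UPDATE user_profile SET data = ? WHERE issuer = ? AND sub = ?",
               (json.dumps(current), claims["iss"], claims["sub"]))
    db.commit()
    return current

# Constructed sample claims (not real values).
SAMPLE = {"iss": "https://example.okta.com", "sub": "00u-constructed-1",
          "family_name": "Smith"}
```
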