Okta integration into existing landscape

Hi All,

A client asked us to integrate into Okta, because they want to use this for SSO.

However, being new to SSO, I was wondering if someone could explain the following. What I’ve understood so far from the documentation and examples of the SDK is that Okta will pass an authentication token when the user is successfully logged in. However, in our application a user has a lot of application-specific properties. So basically my question is:

  1. How do I map a successful Okta login to a specific user in my application?
  2. If a new user is created in Okta that has permissions to log in to my application … how do I know what user is logging in, since there is no user in my application created?

Hope to hear your best practice for these, I’m sure, common hurdles.

Best,
Seb

To integrate with Okta, your users will need to be in Okta. If you use OpenID Connect to log in, the user’s information will be contained in an ID token. If you need to have a User in your application (e.g., to create relationships within your database), you’ll have to write some custom code that syncs the user from Okta with your local one.

What language/frameworks are you using to develop your app?

Thank you for answering mraible!

I’ll be using the PHP SDK.

So if I understand correctly (referring back to my original questions):

  1. I have to save the Okta ID token on the users in my own database to retrieve the properties of the user that is logging in?

  2. If I want to have a user created in my database once it’s assigned to my project in Okta, I have to create a script to fetch them?

Best,
Seb

In addition to what Matt has said, you can have custom profile attributes for a user created in Okta.
These attributes can be specific to your application, with default values set during creation.

So, the flow would be something like:

  1. Create a user with application-specific attributes set to default values
  2. User logs in to your application through Okta
  3. You get the user profile through an id_token (you can also hit the /userinfo endpoint)
  4. Update the user attributes as needed, and sync the user in Okta and your database

Next time that user logs in, he will have all the application-specific attributes.
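A language-neutral sketch of the mapping and sync steps above (and of the local-user sync Matt mentioned), added here as an example and not code from the thread or from the Okta SDK; Python is used only for illustration. `provision_from_claims`, the in-memory `store` dict, the issuer and client-id placeholders and `SAMPLE_CLAIMS` are all assumptions, and the custom profile attribute `plan` is assumed to be exposed as a custom claim in the ID token.

```python
import time
from dataclasses import dataclass, field

# Placeholders for the application's own Okta settings (not real values).
EXPECTED_ISSUER = "https://example.okta.com/oauth2/default"
EXPECTED_AUDIENCE = "CLIENT_ID_PLACEHOLDER"
# Application-specific profile attributes and their defaults (step 1 of the flow).
APP_ATTR_DEFAULTS = {"plan": "basic", "theme": "light"}

# Constructed sample of the claims an ID token (or /userinfo) would carry after
# login; "plan" is a custom profile attribute exposed as a custom claim.
SAMPLE_CLAIMS = {
    "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "exp": 1_900_000_000,
    "sub": "00u_example_sub", "email": "seb@example.com", "plan": "pro",
}

@dataclass
class LocalUser:
    okta_sub: str                      # Okta subject id: stable, unlike email
    email: str
    app_attrs: dict = field(default_factory=dict)

def provision_from_claims(claims, store, now=None):
    """Map verified claims to a local user, creating it on first login.
    `store` is a dict keyed by Okta sub, standing in for the app's user table.
    The SDK is assumed to have checked the signature; iss/aud/exp are re-checked
    so a token for another tenant or client can never create or update a user.
    """
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("token not issued for this application")
    if float(claims.get("exp", 0)) <= (now if now is not None else time.time()):
        raise ValueError("token expired")

    sub = claims["sub"]  # the one claim safe to key the local record on
    created = sub not in store
    if created:
        store[sub] = LocalUser(okta_sub=sub, email="", app_attrs=dict(APP_ATTR_DEFAULTS))
    user = store[sub]
    # Sync step: attributes present in the claims override local values.
    for name in APP_ATTR_DEFAULTS:
        if name in claims:
            user.app_attrs[name] = claims[name]
    if "email" in claims:
        user.email = claims["email"]
    return user, created
```

Keying the local record on `sub` rather than `email` matters because an email can change or be reassigned in Okta while the subject identifier stays the same.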