A client asked us to integrate with Okta, because they want to use it for SSO.
However, being new to SSO, I was wondering if someone could explain the following. What I've understood so far from the documentation and the SDK examples is that Okta will pass an authentication token when the user has successfully logged in. However, in our application a user has a lot of application-specific properties. So basically my question is:
How do I map a successful Okta login to a specific user in my application?
If a new user is created in Okta that has permission to log in to my application, how do I know which user is logging in, since no user has been created in my application?
Hope to hear your best practice for these - I'm sure - common hurdles.
To integrate with Okta, your users will need to be in Okta. If you use OpenID Connect to log in, the user's information will be contained in an ID token. If you need to have a User in your application (e.g., to create relationships within your database), you'll have to write some custom code that syncs the user from Okta with your local one.
What language/frameworks are you using to develop your app?
In addition to what Matt has said, you can have custom profile attributes for a user created in Okta.
These attributes can be specific to your application, with default values set during creation.
So, the flow would be something like -
1. Create a user with application-specific attributes set to default values.
2. The user logs in to your application through Okta.
3. You get the user profile through an id_token (you can also hit the /userinfo endpoint).
4. Update the user attributes as needed, and sync the user in Okta and your database.
5. The next time that user logs in, he will have all the application-specific attributes.
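The flow above, as an added example of the "custom code that syncs the user from Okta with your local one" that both answers describe. This is not code from the Okta SDK or from either poster. It assumes the ID token's signature has already been verified against the org's JWKS by the JWT library your framework uses; what is shown here is the rest of the work: checking that the token is for this application and still valid, then finding or creating the local user keyed on the stable `sub` claim (just-in-time provisioning). The issuer URL, client id, sample claims and the custom `app_role` claim are all constructed for the example; a real custom claim would be mapped from an Okta profile attribute in the authorization server's claim settings.

```python
"""Mapping an Okta OpenID Connect login to a local application user.

Added example, not code from the Okta SDK or from the posters above. The ID
token is assumed to be signature-verified already; this code validates the
remaining claims and performs just-in-time provisioning keyed on `sub`.
The issuer, client id, sample claims and the `app_role` custom claim are
constructed for the example.
"""
import sqlite3

ISSUER = "https://dev-123456.okta.com/oauth2/default"  # assumed authorization server
CLIENT_ID = "0oaEXAMPLEclientid"                        # assumed OIDC client id


class InvalidToken(ValueError):
    """Raised when the ID token claims fail validation."""


def verify_claims(claims, now, issuer=ISSUER, client_id=CLIENT_ID):
    """Check that the token came from our Okta org, was minted for this app,
    has not expired, and names a user. `now` is epoch seconds."""
    if claims.get("iss") != issuer:
        raise InvalidToken("issuer mismatch")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise InvalidToken("token not issued for this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise InvalidToken("token expired or missing exp")
    if not claims.get("sub"):
        raise InvalidToken("missing sub")
    return claims


def open_db():
    """In-memory table standing in for the application's own user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE users (
               id INTEGER PRIMARY KEY,
               okta_sub TEXT NOT NULL UNIQUE,            -- stable Okta user id, the join key
               email TEXT,
               name TEXT,
               app_role TEXT NOT NULL DEFAULT 'viewer',  -- application-specific attribute
               last_login INTEGER NOT NULL
           )"""
    )
    return conn


def provision_user(conn, claims, now):
    """Find or create the local user for a verified ID token; returns a dict
    describing the local record and whether it was just created."""
    claims = verify_claims(claims, now)
    sub = claims["sub"]
    row = conn.execute("SELECT id FROM users WHERE okta_sub = ?", (sub,)).fetchone()
    if row is None:
        # First login: create the local record. The app-specific attribute comes
        # from the (assumed) custom claim, or falls back to the column default.
        cur = conn.execute(
            "INSERT INTO users (okta_sub, email, name, app_role, last_login) "
            "VALUES (?, ?, ?, COALESCE(?, 'viewer'), ?)",
            (sub, claims.get("email"), claims.get("name"), claims.get("app_role"), int(now)),
        )
        user_id, created = cur.lastrowid, True
    else:
        # Returning user: refresh profile fields from Okta, but only overwrite
        # app_role if the token actually carries it.
        conn.execute(
            "UPDATE users SET email = ?, name = ?, app_role = COALESCE(?, app_role), "
            "last_login = ? WHERE okta_sub = ?",
            (claims.get("email"), claims.get("name"), claims.get("app_role"), int(now), sub),
        )
        user_id, created = row[0], False
    conn.commit()
    rec = conn.execute(
        "SELECT id, okta_sub, email, name, app_role, last_login FROM users WHERE id = ?",
        (user_id,),
    ).fetchone()
    return {"id": rec[0], "okta_sub": rec[1], "email": rec[2], "name": rec[3],
            "app_role": rec[4], "last_login": rec[5], "created": created}


def login(conn, claims, now):
    """Turn a rejected token into a failed login result instead of an exception."""
    try:
        return {"ok": True, "user": provision_user(conn, claims, now)}
    except InvalidToken as e:
        return {"ok": False, "error": str(e)}


# Constructed sample claims, shaped like a decoded Okta ID token payload.
SAMPLE_CLAIMS = {
    "iss": ISSUER,
    "aud": CLIENT_ID,
    "sub": "00u1abcdEXAMPLE",
    "email": "alice@example.com",
    "name": "Alice Example",
    "app_role": "editor",   # assumed custom claim mapped from an Okta profile attribute
    "iat": 1_700_000_000,
    "exp": 1_700_003_600,
}

if __name__ == "__main__":
    db = open_db()
    print(login(db, SAMPLE_CLAIMS, now=1_700_000_100))                          # creates the user
    print(login(db, dict(SAMPLE_CLAIMS, aud="someOtherClient"), now=1_700_000_100))  # rejected
```

Two points worth keeping when adapting this: key the local user on `sub`, not on email, because an email address can change or be reassigned in Okta while `sub` stays fixed for that user; and check `aud` against your own client id, otherwise an ID token issued to a different application in the same org would log its user in to yours. The claim checks here are the ones that decide *which* user you are dealing with; they are not a substitute for signature verification, which the example assumes has already happened.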