Okta SSO using OIDC, how do I determine which organization the user logged in comes from?


We are implementing Okta SSO using OIDC (IdP-initiated) to authenticate users of our clients who use Okta to for identity management.

How can we determine on our end the organization the user who logged in is from? This is when the user logs in to Okta, then goes to My Apps, and clicks our application button.

The goal is to use that organization information of the user to get the correct client_id, client_secret and domain that will be used for the SSO flow.

Thank you!

If this application is set up for IdP-initiated login (this will also be the case for OIDC apps in the OIN), where the user launches the application from their Okta dashboard AND this is configured as part of the OIDC application itself instead of a bookmark app, then, when the user is redirected to the Initiate Login URI, an iss claim query parameter will be attached, indicating the Okta domain they are using.


This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.