We were not able to find a way to restrict applications/service clients from updating certain user profile attributes. So we are building a wrapper on top of Okta API which will check the applications request and their ownership on the User Profile attribute.
In our Organization we have different applications who contribute to Okta User Profile.
Application 1 : Can update only Names, Phone, Email , Address
Application 2: Can update Country of employment , Company Name etc.
We don’t want Application 2 to update Names, Phone or Email.
- Is wrapper necessary ? Does Okta provide a way to control actions on user profile attributes at application level