We were not able to find a way to restrict applications/service clients from updating certain user profile attributes. So we are building a wrapper on top of Okta API which will check the applications request and their ownership on the User Profile attribute.
Scenario:
In our Organization we have different applications who contribute to Okta User Profile.
Application 1 : Can update only Names, Phone, Email , Address
Application 2: Can update Country of employment , Company Name etc.
We don’t want Application 2 to update Names, Phone or Email.
Question:
- Is wrapper necessary ? Does Okta provide a way to control actions on user profile attributes at application level