Is there a way, when accepting auth from a user using a federated IDP (inbound fed) which triggers a JiT provisioning process, to save some details regarding the IDP used into a user attribute, which can then be used for a lookup later?
I know we could assign the user into an IDP-marked group upon the JiT process and then, in profile mappings, use the Okta expression language to map an attribute based upon group membership. However, as the attributes will sometimes be pulled directly from the user's Okta profile via the API, it's not possible to map to an Okta attribute. We could use the above to map to the attribute being passed inside an OIDC JWT, but this would then only be passed during the sign-on process and not during a nightly sync task, for instance.
Is there a way this could be made easier?
Thanks,
James