Does anyone know if an Okta admin can set the level of role for a specific application when adding a new user?
For example, let’s consider OIDC Application 1. When an admin adds a user to this application, if it has specific role access (e.g., an AWS admin account), is there a way to specify that the user is being added with a particular role? I’m curious about this possibility because it would streamline the onboarding process for new users under the company account, with the admin managing everything in Okta.
When a user needs to be added to an OIDC Application, we typically don’t assign users individually. Instead, there are different groups associated with the application, and users are added to the appropriate group.
These groups can be role-based, such as an Admin group or a User group, which are then assigned to the OIDC App.
When this OIDC App is assigned to an authorization server, we can configure a claim within the authorization server. The claim could be:
role = user.isMemberOfGroup("<Admin Group ID>") ? "admin" : ""
This sets the claim to role = admin. This approach works for any roles you might have.
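Added example, not part of the original answer: a small Python model of the group-to-role claim described above, extended to several roles with a precedence order, plus the relying-party check that consumes the resulting "role" claim. The group IDs, role names and permission sets are constructed placeholders, and the claims dict is assumed to come from a token whose signature has already been verified against the issuer's JWKS.

```python
"""
Added example (not from the original post or from Okta): models the
group-membership claim expression from the answer and the authorization
check an application should apply to the resulting "role" claim.
All group IDs, role names and permissions below are constructed placeholders.
"""

# Constructed placeholder Okta group IDs (real IDs are opaque "00g..." strings).
ADMIN_GROUP_ID = "00g_ADMIN_PLACEHOLDER"
USER_GROUP_ID = "00g_USER_PLACEHOLDER"

# Highest-precedence role first. With more than one role the Okta Expression
# Language claim from the answer becomes a nested conditional evaluated in
# this same order, e.g.:
#   user.isMemberOfGroup("<Admin Group ID>") ? "admin" :
#     (user.isMemberOfGroup("<User Group ID>") ? "user" : "")
ROLE_PRECEDENCE = [
    (ADMIN_GROUP_ID, "admin"),
    (USER_GROUP_ID, "user"),
]


def role_claim(member_of):
    """Local model of the claim expression: the first matching group in
    precedence order wins; a user in none of the role groups gets "",
    exactly like the else branch of the original expression."""
    for group_id, role in ROLE_PRECEDENCE:
        if group_id in member_of:
            return role
    return ""


# Relying-party side: what each role is allowed to do (constructed).
PERMISSIONS = {
    "admin": {"read", "write", "manage_users"},
    "user": {"read"},
}


def authorize(claims, action):
    """Decide whether a verified token's claims permit `action`.

    Fail closed: the expression emits "" for users outside the role groups,
    and a token may lack the claim entirely, so both cases grant nothing.
    Unknown role strings are also denied rather than mapped to a default.
    """
    role = claims.get("role")
    if not role:
        return False
    return action in PERMISSIONS.get(role, set())


def decisions_for(member_of, action):
    """Run the full path for one user: claim issued by the authorization
    server model, then the application's authorization decision."""
    claims = {"sub": "constructed-user", "role": role_claim(member_of)}
    return claims["role"], authorize(claims, action)


if __name__ == "__main__":
    # Constructed sample users.
    for groups in ({ADMIN_GROUP_ID, USER_GROUP_ID}, {USER_GROUP_ID}, set()):
        print(groups, "->", decisions_for(groups, "manage_users"))
```

The precedence list is the point to get right in practice: a user in both groups must receive the stronger role deterministically, and the application must treat the empty-string role the expression produces as "no access", not as a wildcard.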