A problem has been identified where, in the context of an Single Sign-On (SSO) integration involving Okta and Stripe, permissions for users do not update appropriately when the profile role assigned to users are altered. Despite no issues being reflected in the Okta logs, it has been confirmed with Stripe that no such changes are detected on their end. The application implicated in this issue is Stripe - Subsplash.
- Single Sign-On (SSO)
- Stripe
- Role permissions update
The root cause of the issue lies in the mechanism of the Stripe SSO integration. When profile roles assigned to users are changed, the permissions are not automatically updated on the Stripe side.
To resolve this issue, follow these steps:
- Ensure the Name and Value are configured in the Okta app integration SAML Attribute Statement section.
- Ensure the profile role has been correctly changed for the assigned users in Okta.
- Instruct the affected users to log back into Stripe in order for the permissions changes to take effect.
By doing so, the permissions changes will take effect as the Stripe SSO integration requires a fresh login to recognize and apply the permission changes based on updated roles.
