
q3dmr (q3dmr) asked a question.
Hi!
Right now I have a node.js application that manages authentication only by using the passportSaml strategy as middleware. Basically, from the Okta configuration, we can allow a user to use or not to use the application, and that's it.
But now, we want to add the feature of User Permissions & Management inside of our application. This feature would allow us to have an admin user in the application who can enable/disable different features for different people.
I imagine something like:
My_Application:
- Feature 1
- Feature 2
- Feature 3
- User management view
User 1: roles - admin
User 2: roles - feature_1_read_only
User 3: roles - feature_2_write
User 4: roles - feature_1_read_only, feature_3_write
Or something like that.
The idea is that user 1 (admin) can use the "user management" feature inside the app to see which user has which permissions/roles and can modify them by adding/removing more permissions/roles.
My doubt is: should I save those roles/permissions in the app's database? Or is there a way to use Okta roles and from the application we can change (add/remove) those roles saved in Okta for a specific user?
I mean, in the application we should add the logic to show/hide features according to the roles/permissions a user has. But my doubt is if we can get/modify those roles in Okta through our app or if we have to keep our current model (using Okta to only manage if a user can use or not the app) and add these roles/permissions into our db.
This is important because right now we don't have any kind of user information in our database.
I hope I was clear enough and you can answer my question.
Thank you!
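The role model sketched in the question above, as an added example that is not part of the original post: a deny-by-default permission check, an Express-style guard, and an admin-only role update. The `feature:action` permission strings, the in-memory stores and `req.user.id` are assumptions made for illustration.

```javascript
// Role names come from the post; the permission strings and stores are assumptions.
const ROLE_PERMISSIONS = new Map([
  ["admin", ["*"]], // full access, including the user management view
  ["feature_1_read_only", ["feature_1:read"]],
  ["feature_2_write", ["feature_2:read", "feature_2:write"]],
  ["feature_3_write", ["feature_3:read", "feature_3:write"]],
]);

// Constructed sample assignments (Users 1-4 from the post). In a real app this
// would be a database table or a lookup against the identity provider.
const USER_ROLES = new Map([
  ["user1", ["admin"]],
  ["user2", ["feature_1_read_only"]],
  ["user3", ["feature_2_write"]],
  ["user4", ["feature_1_read_only", "feature_3_write"]],
]);

// Deny by default: unknown users and unknown role names grant nothing.
function can(userId, feature, action) {
  const perms = new Set();
  for (const role of USER_ROLES.get(userId) || []) {
    for (const p of ROLE_PERMISSIONS.get(role) || []) perms.add(p);
  }
  return perms.has("*") || perms.has(`${feature}:${action}`);
}

// Express-style middleware. `req.user.id` is a hypothetical field; with SAML it
// would be whatever stable identifier the login strategy puts on req.user.
function requirePermission(feature, action) {
  return (req, res, next) => {
    if (req.user && can(req.user.id, feature, action)) return next();
    res.statusCode = 403;
    res.end("Forbidden");
  };
}

// Role changes are themselves authorized server-side and validated against
// the known role list, so the management view cannot grant arbitrary strings.
function setRoles(actorId, targetId, roles) {
  if (!can(actorId, "user_management", "write")) throw new Error("forbidden");
  const unknown = roles.filter((r) => !ROLE_PERMISSIONS.has(r));
  if (unknown.length > 0) throw new Error(`unknown roles: ${unknown.join(", ")}`);
  USER_ROLES.set(targetId, [...roles]);
}
```

Hiding a feature in the UI is cosmetic; the guard on each route is what enforces the permission.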

Hi Matias,
Did you find a solution for the challenge you mentioned in your question? Right now we are having the same confusion: is there a way to define app roles using Okta?
Thank you!