0D54z00007OSKNGCA5 | Okta Classic Engine | Universal Directory | Answered | 2024-04-03T16:09:08.000Z | 2022-01-18T17:31:00.000Z | 2022-02-07T20:22:52.000Z

MatthewH.10249 (State of Iowa) asked a question.

Restrict multiple IDPs for WFI users pushed to CIAM via Org2Org

We provision our WFI users via Org2Org app to our CIAM tenant and want to know if there is a way to restrict them from being able to log into Google IDP and force Okta IDP only so that they always remain sourced by Okta AKA Okta Mastered. We still want all users found in our CIAM that are not provisioned from our WFI via Org2Org app to be allowed to be provisioned from any IDP Google, MS, Okta Mastered, etc.


  • MatthewH.10249 (State of Iowa)

    If anyone has a similar need, take a look at using "Auto-Link Restrictions == Specific Groups". We have a group that contains all users except for the WFI users and we added that group to the "Specific Groups" so they are the only users allowed to use the Google IDP. You can make this change by going to "Security --> Identity providers --> (select Google IDP) Edit IdP --> Advanced Settings".
    Selected as Best
  • Hello @MatthewH.10249 (State of Iowa),

    This seems to be a pretty specific setup, and I'm afraid that providing a solid answer will not be possible unless getting a hold of additional information. I would strongly suggest opening a support ticket, and we will be able to provide some more detailed answers.

    Regards,

    Natalia

    Okta Inc.

    • MatthewH.10249 (State of Iowa)

      Understood and thank you! I have opened a P4 question support ticket (01291049) for this.

This question is closed.
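
An added example, not part of the original thread and not Okta's own code: an offline check that the group set under "Specific Groups" never contains an Org2Org-provisioned user, which is the condition the accepted answer depends on. The IdP JSON shape (`policy.accountLink` with `action` and `filter.groups.include`) is assumed to match what Okta's Identity Providers API returns; every ID, user name and group membership below is constructed.

```python
# Constructed sample data. The IdP object is assumed to follow the shape of
# Okta's Identity Providers API (policy.accountLink); all values are invented.
GOOGLE_IDP = {
    "name": "Google",
    "type": "GOOGLE",
    "policy": {
        "accountLink": {
            "action": "AUTO",
            "filter": {"groups": {"include": ["00g-NON-WFI-EXAMPLE"]}},
        }
    },
}
# Members of each group, and the users provisioned from the WFI org via Org2Org.
GROUP_MEMBERS = {"00g-NON-WFI-EXAMPLE": {"alice", "bob", "wfi-carol"}}
ORG2ORG_USERS = {"wfi-carol", "wfi-dave"}


def audit_account_link(idp, group_members, org2org_users):
    """Return findings; an empty list means no Org2Org user can auto-link."""
    link = idp.get("policy", {}).get("accountLink") or {}
    if link.get("action") != "AUTO":
        return []  # auto-linking is off, nothing to restrict
    groups = (link.get("filter") or {}).get("groups") or {}
    include = groups.get("include") or []
    if not include:
        # No "Specific Groups" restriction: every existing user is eligible.
        return ["auto-link is unrestricted, Org2Org users included"]
    findings = []
    for gid in include:
        if gid not in group_members:
            findings.append(f"group {gid}: membership unknown, cannot verify")
            continue
        # Any overlap means a WFI user slipped into the allowed group.
        for user in sorted(group_members[gid] & org2org_users):
            findings.append(
                f"group {gid}: Org2Org user {user} may link to {idp['name']}"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_account_link(GOOGLE_IDP, GROUP_MEMBERS, ORG2ORG_USERS):
        print(finding)
```

Running a check like this on a schedule catches the case where a WFI user is later added to the allowed group by a group rule or by hand.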