PetrV.52232 (Customer) asked a question.
SSO-Only Application assignment (optional provisioning)
Hi,
Is there a way to assign Okta Users/Groups to an Application that has both SSO & SCIM provisioning enabled, without provisioning users to the app? Basically an option for SSO only assignment.
Use-case example:
- There is an Okta application with both SAML and SCIM provisioning enabled, this application supports only one SAML provider at a time (can't create multiple Okta integrations).
- Creates/updates of regular users are pushed from Okta to the app.
- System Administrator accounts need SAML access, but security policies won't allow Okta to push changes.
Thanks!
Hi @PetrV.52232 (Customer),
Thank you for posting on the Okta community page!
Unfortunately it will not be possible, therefore in order to have the application just for SSO, Provisioning will have to be disabled since this way the app will be used only for single sign on.
Okta has the capability to have 2 of the same apps in which one you can use one only for provisioning and the other application only for SAML SSO since SSO and Provisioning are independent from each other.
Thanks @flaviu.vrinceanu1.5628408972654734E12 (Customer Success Service Delivery)!
You are right! Having 2 integrations, Provisioning-only and SSO-only solves the problem.
Somehow I got trapped with the idea that I need a dedicated app for the sys admin user group and couldn't leave that attitude.
Thank you!