SuhasM.81827 (Customer) asked a question.
We are trying to set up SAML-based SSO integration between our client, acting as an Identity Provider (IDP), and Okta/Mycompany App, acting as a Service Provider (SP).
As part of this integration, we have a requirement to support just-in-time provisioning, and our IDP will be sending the following identity attributes and business attributes as part of the SAML assertion:
Identity Attributes:
First Name
User ID
Last Name
Business Attributes:
Business Attribute 1
Business Attribute 2
We require to provision only the identity attributes into Okta and send the business attributes to the Mycompany App, where they can be stored in a backend database. The intention is not to store the business attributes in Okta.
Is it possible to achieve this through Okta?
Hello @SuhasM.81827 (Customer) Thank you for reacting out to our Community!
If you want to send these attributes to your application, you will need to store these values in the Okta profile, so that they can be mapped and sent to the application. Unfortunately, without these values in the user profile you will not be able to send them further on.
Community members help others by clicking Like or Select as Best on responses. Try it today.
Hi @paul.stiniguta1.508386743840768E12 (Okta, Inc.) : If that is not possible, what is the recommended approach from Okta ? I am sure this is a common use case. what are other customers doing about this ?
Again idea is we want to only store identity based attributes in Okta & rest of the business attributes are stored in backend database, etc..