
YanivK.23094 (Customer) asked a question.
Hi,
We have an in house application where the users (and groups) are already managed by Okta.
We would like to add permissions that will be managed in Okta by the applications’ admins.
I’m wondering about the best approach for this.
What I’ve tried so far is creating custom attributes for the application, with group permissions, user permissions, and an override checkbox (user permissions are only applied if the override checkbox is checked). This is since an attribute can be only for groups or only for users:
Then I went to “Authorization Servers” and added a custom claim for each of the above which is always included in the token.
I have several concerns:
- Is this the best approach?
- In order for this to only be part of the token once the user logs in to my specific app, I probably need to add a custom scope. Is there a way to configure this claim to be included only for a specific app with custom scopes? I don't want the user to have to consent to anything new.
Thanks
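
One way the receiving application could resolve the group/user/override claims described in the question, as an added example that is not part of the original post and not Okta's code. The claim names and the permission allowlist are hypothetical, the token is assumed to be signature-verified already, and the override is assumed to replace (not extend) the group permissions.

```python
# Added example: claim names and the allowlist below are hypothetical.
KNOWN_PERMISSIONS = frozenset({"reports:read", "reports:write", "users:admin"})

GROUP_CLAIM = "app_group_permissions"
USER_CLAIM = "app_user_permissions"
OVERRIDE_CLAIM = "app_permissions_override"


def _as_permission_set(value):
    """Normalize a claim value; malformed input grants nothing."""
    if not isinstance(value, (list, tuple)):
        return frozenset()
    # Drop anything that is not a string the application recognises.
    return frozenset(
        p for p in value if isinstance(p, str) and p in KNOWN_PERMISSIONS
    )


def effective_permissions(claims):
    """Resolve permissions from the claims of an already verified token."""
    # Only a real boolean True enables the override, so a missing claim or
    # a stray string such as "false" cannot switch it on.
    if claims.get(OVERRIDE_CLAIM) is True:
        return _as_permission_set(claims.get(USER_CLAIM))
    return _as_permission_set(claims.get(GROUP_CLAIM))


def is_allowed(claims, permission):
    """Deny by default: allow only permissions in the resolved set."""
    return permission in effective_permissions(claims)


# Constructed sample claim sets (not real token contents).
SAMPLE_GROUP_ONLY = {
    GROUP_CLAIM: ["reports:read", "not:a:known:permission"],
    USER_CLAIM: ["users:admin"],
    OVERRIDE_CLAIM: False,
}
SAMPLE_OVERRIDE = dict(SAMPLE_GROUP_ONLY, **{OVERRIDE_CLAIM: True})
SAMPLE_MALFORMED = {GROUP_CLAIM: "reports:read", OVERRIDE_CLAIM: "false"}

if __name__ == "__main__":
    for name, sample in [("group", SAMPLE_GROUP_ONLY),
                         ("override", SAMPLE_OVERRIDE),
                         ("malformed", SAMPLE_MALFORMED)]:
        print(name, sorted(effective_permissions(sample)))
```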

Hello @YanivK.23094 (Customer) Thank you for reaching out to our Community!
Please see our doc below that should provide additional assistance on this matter:
https://developer.okta.com/docs/guides/request-user-consent/main/
Additionally, if you need further assistance, we recommend leveraging the Okta Developer forums for this type of question and taking advantage of their expertise.
https://devforum.okta.com/