
Commit

clarify okta claim configuration requirement (#16142)
peejaychilds committed Jun 19, 2024
1 parent cce0a58 commit e48897c
Showing 2 changed files with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions doc/Extensions/OAuth-SAML.md
Expand Up @@ -298,6 +298,11 @@ Socialite can specifiy scopes that should be included with in the authentication
For example, if Okta is configured to expose group information it is possible to use these group
names to configure User Roles.

This requires configuration in Okta. You can set the 'Groups claim type' to 'Filter' and supply
a regex of which groups should be returned which can be mapped below.

![socialite-okta-1](/img/socialite-okta-4.png)

First enable sending the 'groups' claim (along with the normal openid, profile, and email claims).
Be aware that the scope name must match the claim name. For identity providers where the scope does
not match (e.g. Keycloak: roles -> groups) you need to configure a custom scope.
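
Review bot: the added sentence "supply a regex of which groups should be returned" does not say how narrow the filter should be. Suggest stating that the regex should match only the groups that are mapped to User Roles below, so that unrelated group names are not sent in the 'groups' claim. In the added image line, the alt text `socialite-okta-1` does not match the referenced file `socialite-okta-4.png`; use an alt text that matches or describes the screenshot. The sentence would also read more clearly split in two, with "which can be mapped below" replaced by something like "These groups can then be mapped to roles below."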
Binary file added doc/img/socialite-okta-4.png

0 comments on commit e48897c
