I have a working application connected with an Auth0 tenant. It’s a SaaS B2B product. I onboard companies who use Microsoft AAD with Office 365. This is fairly straight forward since they can log in to the app with their Azure AD through our Auth0 tenant. I can be sure that they are also using Office 365, since we’re using calendars within our applications this is an important part because we need to synchronize their Office 365 calendar with our application.
Since we would like to onboard companies which use Okta workforce or Google Workspace for user management, a new problem arises. The problem is that, with Okta workforce, you can use the Google toolkit or Office 365 for your users. This means that when a user logs in to our application with Okta workforce, we don’t know if they’re using a Google calendar or a Microsoft calendar. So we won’t know where to send new events to or how to synchronize calendars.
I’ve been wondering if there is a specific property which could tell me the toolkit being used. Here you can see an example of someone using Google-Workspace and their provider being google-apps. To me, it seems the Provider could be the part which I would need to decide what calendar the user is actually using, I am just not certain about it. Below I’ve shown 2 examples for Microsoft and Google, I didn’t create an Okta workforce account for testing purposes yet.
A google workspace connected user
{
"access_token": "accesstoken",
"provider": "google-apps",
"user_id": "user@user.de",
"connection": "Google-Workspace",
"isSocial": false
}
A microsoft AAD connected user
{
"provider": "waad",
"access_token": "Accesstoken",
"expires_in": 3816,
"user_id": "user_id",
"connection": "My-Multitenant",
"isSocial": false
}
That is true, the login transition doesn’t cover this data.
What about asking a user for this information during login and storing this data in a user metadata sub-object?
I can see that there is a Marketplace extension called “Redirect Actions for Partners” which allows, during login, to redirect to an external form to ask a user for input and update user profile data with relevant info.
You could consider building your own, analogical flow with Auth0’s Actions to redirect to hosted by you form to get the same effect.
Thanks for your reply!
So it would mean that there is no ‘under the hood’ way of figuring out what toolkit the user uses when logging in with Okta?
Are there any plans of implementing this? Since we’re working with big corporations with over 20k users, if we’re onboarding them and the users would need to fill in their toolkit over the UI, it makes the onboarding user experience pretty annoying. It can be a big hurdle for companies to not use our app, since the onboarding process isn’t as easy as they would like it to be.
Would this be something that an Okta workforce admin could fill in for all users of the Okta workforce directory?
There is no under the hood way of figuring out what’s the calendar product used by different companies that onboard users with Okta.
This kind of information I believe needs to be somehow reflected in metadata of user profile in Okta and mapped with user profile in Auth0 once the integration is set, so you can utilise this information for your product purposes.
Another idea to test on your end is your app having a needed access to Okta API so that you see what’s the user’s calendar app allowed under “My Apps” in the Okta dashboard.