Get/map claims from Okta - Enterprise Connection

I’ve successfully set up an enterprise connection to retrieve our users from Okta, but I can’t figure out how to retrieve/map all of the claims I would like. Specifically, I’d like to add given_name, family_name, and groups. My scopes are “openid, profile, email, groups” so I think I should get all of this information, but I’m not.

Is there a way to inspect the token that Auth0 is receiving from Okta so I can check the claims are actually there?

Is there a way to control claims mapping in an enterprise connection?

Has anyone made this particular connection work with Okta using these claims? Is there something I might be missing?

I’ve looked at the topic OIDC enterprise connection claim mapping, but that solution doesn’t apply to Okta.

3 Likes

Hi! I also have the same question. I would like to inspect/map the ID token I receive from enterprise OIDC, but am not able to figure out how. Did you have any success on this?

1 Like

I’m in this exact situation as well. A bit shocked there isn’t a convenient way to do the group mapping.

I’m having to create an action on login flow that:

  1. Uses the Management API to fetch the just-logged-in user’s identity profile (which has an access token to the source IdP (Okta)).
  2. Calls the Okta IdP’s /userinfo to get the group claims associated with the user.
  3. Adds/maps those claims to my own Auth0 identity and access token.

It all seems so manual. Especially since I clearly see Auth0 fetching an idToken from Okta with the groups claim.

Anyone else solve it a different way?

2 Likes
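The three-step login Action described in the post above, as an added example that is not part of the original thread and not Auth0's or Okta's own code. `NAMESPACE`, `OKTA_CONNECTION`, the `OKTA_USERINFO_URL` secret and the injected `deps` object are assumed names; the stubs in `demo()` are constructed so the flow runs offline.

```javascript
// Added example. NAMESPACE, OKTA_CONNECTION, OKTA_USERINFO_URL and deps are assumed names.
const NAMESPACE = "https://example.com/";   // assumed custom-claim namespace
const OKTA_CONNECTION = "okta-enterprise";  // assumed enterprise connection name

// Accept only well-formed, de-duplicated group names from the upstream response.
function sanitizeGroups(userinfo, max = 100) {
  if (!userinfo || !Array.isArray(userinfo.groups)) return [];
  const ok = userinfo.groups.filter((g) => typeof g === "string" && /^[\w .:@-]{1,128}$/.test(g));
  return [...new Set(ok)].slice(0, max);
}

// Body of a post-login Action; deps.getUser wraps the Management API user lookup.
async function mapOktaGroups(event, api, deps) {
  if (event.connection.name !== OKTA_CONNECTION) return []; // only map groups for the Okta connection
  // Step 1: fetch the full profile, whose identity entry carries the upstream access token.
  const user = await deps.getUser(event.user.user_id);
  const identity = (user.identities || []).find((i) => i.connection === OKTA_CONNECTION);
  if (!identity || !identity.access_token) return [];
  // Step 2: ask the Okta userinfo endpoint for the user's claims.
  const res = await deps.fetch(event.secrets.OKTA_USERINFO_URL, {
    headers: { Authorization: `Bearer ${identity.access_token}` },
  });
  if (!res.ok) return []; // fail closed: no groups claim rather than a guessed one
  const groups = sanitizeGroups(await res.json());
  // Step 3: copy the validated groups into namespaced claims on both tokens.
  api.idToken.setCustomClaim(`${NAMESPACE}groups`, groups);
  api.accessToken.setCustomClaim(`${NAMESPACE}groups`, groups);
  return groups;
}

// Constructed stubs (not real Okta or Auth0 data); returns the claims that were set.
async function demo() {
  const claims = { id: {}, access: {} };
  const api = {
    idToken: { setCustomClaim: (k, v) => { claims.id[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { claims.access[k] = v; } },
  };
  const event = { connection: { name: OKTA_CONNECTION }, user: { user_id: "constructed-user-id" },
    secrets: { OKTA_USERINFO_URL: "https://idp.example.com/userinfo" } };
  const deps = {
    getUser: async () => ({ identities: [{ connection: OKTA_CONNECTION, access_token: "constructed-token" }] }),
    fetch: async () => ({ ok: true, json: async () => ({ groups: ["Everyone", "App-Admins", 7] }) }),
  };
  const groups = await mapOktaGroups(event, api, deps);
  return { groups, claims };
}
```

In a deployed Action, `deps.getUser` would call the Management API with a token that has the `read:user_idp_tokens` scope, and `deps.fetch` would be the runtime's `fetch`.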
