I’ve successfully set up an enterprise connection to retrieve our users from Okta, but I can’t figure out how to retrieve/map all of the claims I would like. Specifically, I’d like to add given_name, family_name, and groups. My scopes are “openid, profile, email, groups” so I think I should get all of this information, but I’m not.
Is there a way to inspect the token that Auth0 is receiving from Okta so I can check the claims are actually there?
Is there a way to control claims mapping in an enterprise connection?
Has anyone made this particular connection work with Okta using these claims? Is there something I might be missing?
I’ve looked at the topic OIDC enterprise connection claim mapping, but that solution doesn’t apply to Okta.
Hi! I also have the same question. I would like to inspect/map the ID token I receive from enterprise OIDC, but am not able to figure out how. Did you have any success on this?
I’m in this exact situation as well. A bit shocked there isn’t a convenient way to do the group mapping.
I’m having to create an action on login flow that:
- uses the Management API to fetch the just logged in user’s identity profile (which has an access token to the source IdP (Okta))
- calls the Okta IdP’s /userinfo to get the group claims associated with the user.
- adds/maps those claims to my own Auth0 identity and access token.
It all seems so manual. Especially since I clearly see Auth0 fetching an idToken from Okta with the groups claim.
Anyone else solve it a different way?
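
The three steps listed in the post above, sketched as a post-login Action. This is an added example, not code from any poster in this thread or from Auth0. Assumptions: the connection name, claim namespace and secret names are hypothetical; the Action has the `auth0` (v4) dependency, a Node 18+ runtime with global `fetch`, and a machine-to-machine application granted `read:users` and `read:user_idp_tokens`; Okta's org authorization server path is used for `/userinfo`.

```javascript
// Added example (not from the thread). NS, CONNECTION and the secret names are hypothetical.
const NS = 'https://example.com/claims/';   // assumed claim namespace
const CONNECTION = 'okta-enterprise';       // assumed enterprise connection name

// Step 1 helper: pick the upstream (Okta) access token out of the full user profile.
// identities[].access_token is only returned when the caller has read:user_idp_tokens.
function upstreamToken(profile, connection) {
  const id = (profile.identities || []).find((i) => i.connection === connection);
  return id && typeof id.access_token === 'string' ? id.access_token : null;
}

// Step 3 helper: allowlist the wanted claims and drop malformed values, so an
// unexpected /userinfo response cannot inject arbitrary claims into our tokens.
function mapClaims(userinfo) {
  const out = {};
  for (const k of ['given_name', 'family_name']) {
    if (typeof userinfo[k] === 'string') out[NS + k] = userinfo[k];
  }
  if (Array.isArray(userinfo.groups)) {
    out[NS + 'groups'] = userinfo.groups.filter((g) => typeof g === 'string');
  }
  return out;
}

async function onExecutePostLogin(event, api) {
  if (event.connection.name !== CONNECTION) return;
  const { ManagementClient } = require('auth0');
  const mgmt = new ManagementClient({
    domain: event.secrets.AUTH0_DOMAIN,
    clientId: event.secrets.M2M_CLIENT_ID,
    clientSecret: event.secrets.M2M_CLIENT_SECRET,
  });
  const res = await mgmt.users.get({ id: event.user.user_id });
  const token = upstreamToken(res.data || res, CONNECTION);
  if (!token) return;                       // nothing to map; never log the token
  // Step 2: ask Okta's /userinfo for the claims attached to this user.
  const r = await fetch(`https://${event.secrets.OKTA_DOMAIN}/oauth2/v1/userinfo`, {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!r.ok) return;                        // leave the login untouched on failure
  for (const [name, value] of Object.entries(mapClaims(await r.json()))) {
    api.idToken.setCustomClaim(name, value);
    api.accessToken.setCustomClaim(name, value);
  }
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

The upstream call only returns `groups` if the Okta application is configured to include that claim for the `groups` scope.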