OIDC Enterprise Connection Does Not Call /userinfo Endpoint

Problem statement

This article addresses the situation in which the identity provider (IdP) behind an OIDC enterprise connection does not include the user's claims in the id_token, and the connection never calls the IdP's /userinfo endpoint to retrieve them, so the resulting Auth0 user profile is missing attributes such as email or name.

Cause

The connection's User Mapping does not reference the context.userinfo object. The /userinfo endpoint is only called when at least one mapped attribute is sourced from context.userinfo; a mapping that sources every attribute from the id_token (context.tokenset) never triggers the call, so claims that the IdP exposes only through /userinfo are never fetched.

Solution

Okta's newer OIDC attribute/claims mapping feature for enterprise connections automatically calls the /userinfo endpoint when the source of any mapped attribute is the context.userinfo object. If no attribute is sourced from context.userinfo, the endpoint is not called, regardless of what the IdP would return from it.

  1. Navigate to Dashboard > Authentication > Enterprise, open OpenID Connect, and select the affected connection.
  2. Edit the User Mapping so that every attribute the IdP does not return in the id_token is sourced from the context.userinfo object instead of from the id_token. Refer to the Group claim mapping documentation for the mapping syntax and the available source objects.
  3. Save the connection, then test it (the connection's Try button or a real login) and confirm that the user profile now contains the expected attributes. Note that, per the OIDC specification, /userinfo only returns the claims covered by the scopes the connection requested, so the connection's scopes must include the ones the IdP needs (for example email and profile) for those claims to be available from context.userinfo.

For example: (screenshot of the connection's User Mapping settings referencing context.userinfo; not reproduced here)
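The check below is an added example and is not Auth0's own code. It decodes a (constructed) id_token payload, compares it with a (constructed) /userinfo response, and produces a mapping that sources each attribute from the id_token where possible and from context.userinfo otherwise, next to the tokenset-only mapping that never triggers the /userinfo call. The `${context.tokenset.<claim>}` / `${context.userinfo.<claim>}` placeholder syntax and the `"mapping"` wrapper key are assumptions modeled on Auth0's documented mapping template; copy the exact shape from the template shown in the Dashboard's User Mapping editor. The payload decoding skips signature verification on purpose, as a diagnostic for seeing what the IdP sends; it must not be used to make trust decisions.

```python
"""Added example (not Auth0 code): decide which attributes an OIDC enterprise
connection must source from context.userinfo rather than the id_token."""
import base64
import json

# Auth0 profile attribute -> IdP claim name (assumed default set for illustration).
DEFAULT_ATTRIBUTES = {
    "user_id": "sub",
    "email": "email",
    "email_verified": "email_verified",
    "name": "name",
    "given_name": "given_name",
    "family_name": "family_name",
    "picture": "picture",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample id_token: the IdP puts only the mandatory claims in it.
# The signature segment is a dummy; only the payload is inspected below.
SAMPLE_ID_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({
        "iss": "https://idp.example.com",
        "sub": "1234567890",
        "aud": "my-auth0-client-id",
        "exp": 1700000000,
        "iat": 1699996400,
    }).encode()),
    "dummy-signature",
])

# Constructed sample /userinfo response for the same user.
SAMPLE_USERINFO = {
    "sub": "1234567890",
    "email": "jane@example.com",
    "email_verified": True,
    "name": "Jane Doe",
    "given_name": "Jane",
    "family_name": "Doe",
    "groups": ["engineering", "admins"],
}


def id_token_claims(id_token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature.

    Diagnostic only: it shows what the IdP places in the token. Auth0 verifies
    the signature itself; never use this helper for authorization decisions.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def tokenset_only_mapping(attributes: dict = DEFAULT_ATTRIBUTES) -> dict:
    """The problematic mapping: everything from the id_token, /userinfo never called."""
    return {attr: f"${{context.tokenset.{claim}}}" for attr, claim in attributes.items()}


def build_mapping(id_token: str, userinfo: dict, attributes: dict = DEFAULT_ATTRIBUTES) -> dict:
    """Prefer the id_token for each attribute, fall back to /userinfo, and report
    attributes that neither source provides (so they are not mapped to nothing)."""
    token = id_token_claims(id_token)
    mapped, unmapped = {}, []
    for attr, claim in attributes.items():
        if claim in token:
            mapped[attr] = f"${{context.tokenset.{claim}}}"
        elif claim in userinfo:
            mapped[attr] = f"${{context.userinfo.{claim}}}"
        else:
            unmapped.append(attr)
    return {"mapping": mapped, "unmapped": unmapped}


def calls_userinfo(mapping: dict) -> bool:
    """True when at least one attribute is sourced from context.userinfo,
    which is the condition under which the /userinfo endpoint is called."""
    return any(v.startswith("${context.userinfo.") for v in mapping.values())


if __name__ == "__main__":
    print("tokenset-only mapping calls /userinfo:", calls_userinfo(tokenset_only_mapping()))
    result = build_mapping(SAMPLE_ID_TOKEN, SAMPLE_USERINFO)
    print("corrected mapping calls /userinfo:", calls_userinfo(result["mapping"]))
    print(json.dumps({"mapping": result["mapping"]}, indent=2))
    print("attributes available from neither source:", result["unmapped"])
```

Run it against a real id_token and /userinfo body captured from a test login to see exactly which attributes have to move to context.userinfo; anything reported as unmapped (here `picture`) means the IdP is not returning that claim at all and the fix is on the IdP or scope side, not in the mapping.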

Related References