Restrict Okta (SAML) Login to Only Users in My Custom Database

dhiraj.dalvi · April 15, 2025, 2:29pm

Hi,
I’m using Auth0 with a custom database connection for authentication in my SaaS application.

I’ve also integrated Okta using SAML for some enterprise users.

The issue:
When a user logs in through Okta, Auth0 automatically creates a new user in the Auth0 user store — even if that user doesn’t exist in my custom database.
I only want users who already exist in my custom DB to be able to log in.

What I need:

When a user logs in via Okta (SAML), I want to check if they exist in my custom DB.
If they don’t exist, I want to deny access — no user should be created or allowed access.

What I’ve tried:

Pre-User Registration Action → Not triggered for SAML logins
Post-Login Action → Not triggered for SAML logins

Question:
How can I prevent Auth0 from allowing login or creating a user from Okta if that user is not in my custom database?

Thanks in advance!

nik.baleca · April 21, 2025, 7:35pm

Hi @dhiraj.dalvi

Welcome to the Auth0 Community!

I am sorry about the late reply to your inquiry!

Whenever a user uses the OKTA SAML connection, inside the Login script for your custom database you could assign user metadata using the Management API a parameter indicating if they originate form your database such as isImported = true then inside a PostLogin action check if the user logging in has the value present and then deny access and delete the user using the Management API:

exports.onExecutePostLogin = async (event, api) => {

 if(event.connection.name === "SAML-OKTA"){

  if(!user.user_metadata.isImported)
    api.access.deny('You cannot login using this connection')

    //logic that comes for deleting the user comes here
 }
}

As an alternative, you can have this metadata set inside your custom database and check for it once the user is mapped instead of setting it inside the Login script of the database.

Otherwise, inside the custom db Get User script you can check if the user exists in your own database and then deny access and delete the user respectively using an action if necessary.

If you have any other questions or found a solution to your issue, let us know!

Kind Regards,
Nik

Topic		Replies	Views
Getting invalid user in rules, while doing auth with SAML (Okta) Get Help saml , rules , okta	3	2477	February 22, 2022
Validate SAML users programmatically Get Help management-api , connections-management-api	0	399	February 7, 2024
How to import Okta users Get Help management-api , organizations-management-api	4	42	January 28, 2025
Create user in custom db from enterprise saml connection Get Help custom-database , enterprise	2	3120	April 8, 2022
SAML Custom Attribute Mapping Get Help auth0	3	3786	April 12, 2023

Restrict Okta (SAML) Login to Only Users in My Custom Database

Related topics