Restrict Okta (SAML) Login to Only Users in My Custom Database

Hi,
I’m using Auth0 with a custom database connection for authentication in my SaaS application.

I’ve also integrated Okta using SAML for some enterprise users.

The issue:
When a user logs in through Okta, Auth0 automatically creates a new user in the Auth0 user store — even if that user doesn’t exist in my custom database.
I only want users who already exist in my custom DB to be able to log in.

What I need:

  • When a user logs in via Okta (SAML), I want to check if they exist in my custom DB.
  • If they don’t exist, I want to deny access — no user should be created or allowed access.

What I’ve tried:

  • Pre-User Registration Action → Not triggered for SAML logins
  • Post-Login Action → Not triggered for SAML logins

Question:
How can I prevent Auth0 from allowing login or creating a user from Okta if that user is not in my custom database?

Thanks in advance!

Hi @dhiraj.dalvi

Welcome to the Auth0 Community!

I am sorry about the late reply to your inquiry!

Whenever a user uses the OKTA SAML connection, inside the Login script for your custom database you could assign user metadata using the Management API a parameter indicating if they originate form your database such as isImported = true then inside a PostLogin action check if the user logging in has the value present and then deny access and delete the user using the Management API:

exports.onExecutePostLogin = async (event, api) => {

 if(event.connection.name === "SAML-OKTA"){

  if(!user.user_metadata.isImported)
    api.access.deny('You cannot login using this connection')

    //logic that comes for deleting the user comes here
 }
}

As an alternative, you can have this metadata set inside your custom database and check for it once the user is mapped instead of setting it inside the Login script of the database.

Otherwise, inside the custom db Get User script you can check if the user exists in your own database and then deny access and delete the user respectively using an action if necessary.

If you have any other questions or found a solution to your issue, let us know!

Kind Regards,
Nik