User endpoint in ManagementAPI not returning idp tokens

I have users that use the OKTA Enterprise Connection to log in to certain applications. I need to populate the user token with the OKTA Groups that user is assigned to. When they change, I expect that they would change in Auth0. So I am following the accepted solution provided here: Get/map claims from Okta - Enterprise Connection.

The solution requires, in a login action, getting the user's IdP access token from the Management API and calling the Okta user info endpoint. The issue is that when I call get user in the Management API, no access token is provided in the response. My JWT token contains the scopes read:users, read:user_idp_tokens.

According to the documentation, that should be all that is needed to get the user's IdP access token. Why is it that when I call /api/v2/users/{user id} no IdP access token is returned?

Hi @brandon.knox,

I was able to set up an Okta connection and tested it to get the IdP access tokens. After a request to the get user endpoint with the appropriate token and scopes, I see the Okta access token in the identities array.

Here’s an example of what I see:

  {
    "created_at": "2023-10-04T19:22:34.059Z",
    "email": "xxx",
    "email_verified": true,
    "family_name": "x",
    "given_name": "xxx",
    "identities": [
      {
        "user_id": "trial-xxx|xxx",
        "access_token": "xxx",
        "provider": "okta",
        "connection": "trial-xxx",
        "isSocial": false
      }
    ],
    "name": "xxx",
    "nickname": "xxx",
    "picture": "xxx",
    "updated_at": "2023-10-04T19:23:58.881Z",
    "user_id": "xxx",
    "last_ip": "xxx",
    "last_login": "xxx",
    "logins_count": 1
  }

Thank you for the reply. I noticed that I had switched the user mapping to the OKTA template and that seemed to be removing it. When I created a new connection and used the default mapping it came across.

Perfect, thanks for the update!

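A small diagnostic for the situation in this thread, as an added example that is not part of any post and not Auth0's code: it checks a Management API token's scopes and a get-user response for an IdP access token, and never returns the token value, so its output can be logged. The function names, the unsigned sample token and the sample profiles are constructed for illustration.

```javascript
// Added example: constructed sample data, no network calls.
const REQUIRED_SCOPES = ['read:users', 'read:user_idp_tokens'];

// Decode (not verify) a compact JWT's payload; for local diagnostics only.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Explain why an IdP access token is or is not usable from a get-user response.
// The token value itself is never returned, so results are safe to log.
function diagnoseIdpToken(mgmtApiJwt, user, provider) {
  // Assumption: scopes arrive as one space-separated string in the "scope" claim.
  const granted = new Set(String(decodeJwtPayload(mgmtApiJwt).scope || '').split(' '));
  const missing = REQUIRED_SCOPES.filter((s) => !granted.has(s));
  if (missing.length > 0) return { ok: false, reason: 'missing_scopes', missing };

  const identity = (user.identities || []).find((i) => i.provider === provider);
  if (!identity) return { ok: false, reason: 'no_identity_for_provider' };

  if (typeof identity.access_token !== 'string' || identity.access_token === '') {
    // Scopes are fine but nothing is stored on the identity: check the connection.
    return { ok: false, reason: 'no_access_token_on_identity', connection: identity.connection };
  }
  return { ok: true, connection: identity.connection };
}

// Constructed, unsigned sample token (hypothetical helper for this demo only).
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.sig`;
}

// Constructed profiles shaped like the response shown in the thread.
const withToken = { identities: [{ provider: 'okta', connection: 'trial-xxx', access_token: 'xxx' }] };
const withoutToken = { identities: [{ provider: 'okta', connection: 'trial-xxx' }] };
const fullScopes = makeSampleJwt({ scope: 'read:users read:user_idp_tokens' });

console.log(diagnoseIdpToken(fullScopes, withToken, 'okta'));
console.log(diagnoseIdpToken(fullScopes, withoutToken, 'okta'));
console.log(diagnoseIdpToken(makeSampleJwt({ scope: 'read:users' }), withToken, 'okta'));
```

A `no_access_token_on_identity` result with both scopes present matches what the original poster hit, where the cause turned out to be on the connection rather than the token.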