DEV Community

Canming Jiang
Canming Jiang

Posted on • Originally published at datawiza.com

How to Get User Groups Using Okta

In this post, we will explain how to get user groups and how Datawiza handles user groups when using Okta as the identity provider.

Get User Groups in Okta

Add the Group Claim in Token

Okta supports customizing tokens returned from Okta with a Groups claim. For this solution, you need to get the token depending on the Oauth 2.0 flow you chose and decode the token.
Image description

You can add the Group claim for the Org Authorization Server or the Custom Authorization Server.

Get user groups by Okta core API

Besides decoding user info from ID Token, the Okta User API provides operations to manage users in your organization. For example, Get Current User fetches the current user linked to an API token or session cookie, and Get User’s Groups fetches the groups of which the user is a member. These two APIs can be used to retrieve different information, which can further be combined into a user profile. For this solution, you need to create an API Token to authenticate requests to Okta APIs.

How to Get User Groups when Using the Datawiza Cloud Management Console (DCMC)

Datawiza supports both of the above solutions to get user groups. By default, Datawiza will try to get user groups from ID Token. So you need to add the Group claim in Okta ID Token:
Image description

If you specify the scope when adding the group claim in ID Token, you need to add the same scope in the Okta configuration.

Image description

Image description

Meanwhile, you can enter the API Token while configuring Okta in DCMC -> IdPs -> Select IdP -> Edit -> Okta API Token. Datawiza will use the API Token to fetch user profiles and user groups from Okta APIs:

Image description

What’s more, you can use DCMC to configure access control based on the user groups:

Image description

References

Written by the Datawiza team — hope you enjoyed! Join us if you have any questions or need any help on our Discord server.

Top comments (0)