PradeepMishraji-1208 asked PradeepMishraji-1208 edited

How to get oid for OKTA with Azure as OIDC external provider

Hi,

Trying to add Azure as an external identity provider (IDP) in OKTA so that Azure users can log into OKTA-integrated applications.
We have tried the same with a SAML2.0 IDP, using objectId as the OKTA username (login), but are not able to find the same value (objectId/oid) under optional claims for any of the ID token, access token or SAML token.

Please suggest if I am missing something in the configuration.

When I used the OIDC debugger to fetch the access token and ID token, though, I am seeing "oid": "c35ec35b-c968-499d-bd53-f5283cbd335c" in the access token.

Suggest how to retrieve this value and use it in OKTA profile mapping so that the OKTA username is the objectId when using OIDC (same as the SAML2.0 IDP setting), and so that we are eventually able to use the account linking process for a single user with both the SAML2.0 IDP Azure and OIDC IDP Azure setups.

Tags: azure-ad-authentication, azure-ad-app-registration, azure-ad-openid-connect

Hi @PradeepMishraji-1208, thank you for reaching out.
Looking at the Okta OIDC metadata endpoint https://okta.okta.com/oauth2/default/.well-known/openid-configuration, I don't see oid listed as a supported claim, but I can see the sub claim that many IDPs use for the object ID of the subject. So, rather than using 'oid', try to use sub.


Hi Aman,

We already have the OKTA username value, say for example "c35ec35b-c968-499d-bd53-f5283cbd335c", through the SAML2.0 IDP setup, and now we are trying to migrate to OIDC. A username match is needed for the account linking process so that one user can be managed by both the SAML and the OIDC IDP as profile source in OKTA.

In one of the Azure docs, it was mentioned that objectId is unique within a tenant and is an immutable ID, so it is more secure.

Let me know if there is any workaround.

Also, I am not seeing sub as a claim in optional claims to get it added under ID/Access/SAML.

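The thread above turns on which token claim to map to the Okta login. Two facts worth knowing here: Azure AD puts `oid` (the tenant-wide, immutable object ID) into ID tokens and access tokens by default, which is why it does not appear in the optional-claims picker, while `sub` is issued pairwise, that is, a different value per application, so it cannot match the objectId the SAML setup already stored. The Python below is an added example, not code from Microsoft, Okta or the poster: it decodes the payload of a compact JWT, prefers `oid` over `sub` for the login value, and validates that the chosen value is a GUID. The sample token, tenant ID, `sub` value and `kid` are constructed for the demo; the `oid` is the value quoted in the question. The decode is for inspecting claims only; it does not verify the signature, issuer, audience or expiry, which any real consumer must do before trusting the claims.

```python
import base64
import json
import re
from typing import Dict, Tuple

# Azure AD object IDs are GUIDs; reject anything else before it becomes a login.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")


def b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> Dict:
    """Return the payload claims of a compact JWS token WITHOUT verifying it.

    Use only to see which claims the issuer placed in the token. Authentication
    decisions require signature, issuer, audience and expiry checks first.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg", "none").lower() == "none":
        # Refuse unsigned tokens outright, even for inspection.
        raise ValueError("unsigned token")
    return json.loads(b64url_decode(parts[1]))


def pick_okta_login(claims: Dict) -> Tuple[str, str]:
    """Choose the claim Okta should map to its username.

    Prefer 'oid': it is stable across every app in the tenant and is the value
    the existing SAML setup stored. Fall back to 'sub', which Azure AD issues
    pairwise per application, so it will not match the SAML-era username.
    """
    oid = claims.get("oid")
    if oid:
        if not GUID_RE.match(oid):
            raise ValueError("oid claim is not a GUID")
        return "oid", oid.lower()
    sub = claims.get("sub")
    if sub:
        return "sub", sub
    raise KeyError("token carries neither oid nor sub")


def make_sample_token(claims: Dict) -> str:
    # Constructed demo token: well-formed compact JWS with a dummy signature
    # segment so decode_claims() accepts its shape. Not a real Azure AD token.
    header = {"typ": "JWT", "alg": "RS256", "kid": "constructed-kid"}
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(claims).encode()),
        b64url_encode(b"dummy-signature"),
    ])


# Constructed claim set; only the oid value comes from the question.
SAMPLE_CLAIMS = {
    "iss": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
    "sub": "constructed-pairwise-subject-value",
    "oid": "c35ec35b-c968-499d-bd53-f5283cbd335c",
    "preferred_username": "user@example.com",
}


if __name__ == "__main__":
    token = make_sample_token(SAMPLE_CLAIMS)
    claim_name, login = pick_okta_login(decode_claims(token))
    print(f"map Okta username from '{claim_name}': {login}")
```

Running the block prints that the login should come from `oid`, giving the same GUID the SAML setup already uses, so account linking can match on it; with a token that carries only `sub`, the fallback value differs per application and the two IdP profiles would not link.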

0 Answers