How to get oid for OKTA with Azure as OIDC external provider
Trying to add Azure as an external identity provider in OKTA (as an IDP provider) to have Azure users log in to OKTA-integrated applications.
We have tried the same with a SAML 2.0 IDP, using objectId as the OKTA username (login), but are not able to find the same (objectId/oid) under optional claims for any of the ID token, access token or SAML token.
Please suggest if I am missing something in the configuration.
When I used the OIDC debugger to fetch the access token and ID token, though, I am seeing "oid": "c35ec35b-c968-499d-bd53-f5283cbd335c" in the access token.
Suggest how to retrieve this value and use it in OKTA profile mapping so that the OKTA username is the objectId when using OIDC (the same as the SAML 2.0 IDP setting), and eventually be able to use the account-linking process for a single user with both the SAML 2.0 IDP (Azure) and the OIDC IDP (Azure) setup.
Hi @Pradeep Mishraji • Thank you for reaching out.
Looking at the Okta OIDC metadata endpoint https://okta.okta.com/oauth2/default/.well-known/openid-configuration, I don't see oid listed as a supported claim, but I can see the sub claim that many IDPs use for the object ID of the subject. So, rather than using 'oid', try to use
We already have the OKTA username value (for example 'c35ec35b-c968-499d-bd53-f5283cbd335c') through the SAML 2.0 IDP setup, and now we are trying to migrate to OIDC; a username match is needed for the account-linking process so that one user can be managed by both the SAML and the OIDC IDP as profile source in OKTA.
In one of the Azure docs, it was mentioned that objectId is unique within a tenant and is an immutable ID, so it is more secure.
Let me know if there is any workaround.
Also, I am not seeing sub as a claim under optional claims, so I cannot get it added under ID/Access/SAML.
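As an added example (not code from the thread or from Okta/Microsoft), here is a small Python inspection helper that does what the OIDC debugger did above: it decodes the payload of a compact JWT, prefers the tenant-wide oid claim over sub for the Okta login mapping, and rejects a malformed oid. The token is constructed inline with the oid from the question and placeholder sub/tid values; in Azure AD the sub claim is pairwise per application, which is why oid is the safer key for linking the SAML and OIDC identities.

```python
import base64
import json
import uuid

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample token (NOT a real Azure AD token): header.payload.signature,
# with claims modelled on what the OIDC debugger shows for an Azure AD access token.
# The signature segment is a placeholder; nothing here is verified.
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({
        "oid": "c35ec35b-c968-499d-bd53-f5283cbd335c",   # tenant-wide object ID (from the question)
        "sub": "AAAAAAAAAAAAAAAAAAAAAAxyz-app-specific",    # constructed; pairwise per app in Azure AD
        "tid": "00000000-0000-0000-0000-000000000000",     # placeholder tenant ID
        "preferred_username": "user@example.com",          # constructed
    }).encode()),
    "placeholder-signature",
])

def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT without verifying it.
    For inspection only (like the OIDC debugger): verify the signature
    against the tenant's JWKS before trusting claims in a real flow."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def okta_login_from_claims(claims: dict) -> str:
    """Pick the value to map to the Okta username (login).
    Prefer 'oid' because it is stable tenant-wide and matches the objectId the
    SAML IdP already sends; fall back to 'sub' only if 'oid' is absent."""
    oid = claims.get("oid")
    if oid:
        uuid.UUID(oid)  # Azure AD object IDs are GUIDs; reject anything else
        return oid
    if claims.get("sub"):
        return claims["sub"]
    raise KeyError("token carries neither 'oid' nor 'sub'")

if __name__ == "__main__":
    c = decode_claims(SAMPLE_TOKEN)
    print("oid:", c.get("oid"), "| sub:", c.get("sub"))
    print("okta login ->", okta_login_from_claims(c))
```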