When logging in using Okta, does not receive the correct username and roles
Closed this issue · 2 comments
> openunison opens with a cryptic username

This is the `sub` attribute that we receive from Okta. It is both immutable and not based on the user's name the way an email may be. In your values.yaml, you can change `oidc.claims.sub` from `sub` to `email` or `name` to change this, then run `helm upgrade orchestra-login-portal tremolo/orchestra-login-portal -n openunison -f /path/to/values.yaml` to update.

> and no roles (please see screen capture)

This usually happens because the Okta groups attribute isn't configured. Did you follow the steps from https://openunison.github.io/identity%20providers/okta/ for groups? See the below image from the post. You need to tell Okta what claim to store groups in (`groups`) and which groups will be allowed.
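
An added example, not part of the original thread or of OpenUnison: a small Python check that decodes an ID token's payload and reports which mapped claims are missing, which separates an absent `groups` claim from a username mapped to the opaque `sub`. The tokens are constructed samples, `make_token` is a hypothetical helper, and the `sub`/`groups` mapping keys are assumed to mirror the `oidc.claims` entries in values.yaml.

```python
import base64
import json

def decode_payload(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def resolve_claims(id_token, claim_map):
    """Map each attribute to its claim value; list attributes with no usable claim."""
    payload = decode_payload(id_token)
    resolved, missing = {}, []
    for attribute, claim in claim_map.items():
        value = payload.get(claim)
        if value in (None, "", []):
            missing.append(attribute)
        else:
            resolved[attribute] = value
    return resolved, missing

def make_token(payload):
    """Build a constructed, unsigned sample token (hypothetical helper)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(payload), "constructed"])

# Constructed samples: before and after the groups claim is configured in Okta.
BEFORE = make_token({"sub": "00uCONSTRUCTED0001", "email": "alice@example.com"})
AFTER = make_token({"sub": "00uCONSTRUCTED0001", "email": "alice@example.com",
                    "groups": ["k8s-admins"]})

if __name__ == "__main__":
    # Keys stand in for oidc.claims entries in values.yaml (assumed layout).
    print(resolve_claims(BEFORE, {"sub": "sub", "groups": "groups"}))
    print(resolve_claims(AFTER, {"sub": "email", "groups": "groups"}))
```

Use it only to inspect a token you already obtained from your own login flow; it skips signature validation, so it is a diagnostic and not an authentication check.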
Following your advice, I managed to make Okta work with OpenUnison. Thanks for your support!