Saml integrations with Okta
Has anyone ever mapped the remove roles assertion mapping from Okta. We are trying to map removing multiple roles if they have one role. EX if they are a customer we remove Employee and partner. Also...
Forum Discussion
So, set up Okta groups. Manage membership to this based off user_type field. then you can use the "user removed from group" trigger in workflows to kick it off.
(photo 1)
In a nutshell - the user is removed from the okta group when the user_type field in their profile changes away from one of the groups you're wanting to monitor.
Being removed from any group triggers workflow 1 - the true false statements check its one of the groups you're monitoring and then if true passes the groupname (and with it the role you are removing) and the required user data into the child flow which uses the khoros API to remove the role.
(photo 1)
(photo 2)
You'll need a child flow that will be responsible for acquiring the users khoros id (if thats not already stored in the users profile) and another that will actually make the api request to khoros directly to remove the role.
(photo 2)
not pictured are two subsequent child flows, one which fetches and updates the users khoros id if its not in their profile - second is the one that fetches the api-key needed to run apiv2 calls.
Our method stores it in a table in okta with a time stamp, when the key is requested it checks its age, if its still valid passes it back, if not requests a new one, stores that in the table and then provides the valid key back to the flow
hope this helps.
