akloepfer
Expert
3 years ago

SSO & Okta Integrations

Hey guys - I'm having some issues getting answers from Khoros support, so I'm hoping you might be able to help.

Does anyone have any documentation or information that they can share on SSO integrations? We are utilizing Okta and want to push in profile details to Khoros. For example, in Okta we have if a user is a partner, customer or employee. We have those same roles in Khoros. We'd like to automate this so when a user logs into Khoros they are affiliated with a role- partner, customer and employee. Currently right now only users that have an Okta ID can access community. 

 

Thanks for the insights- also happy to connect with other users on a phone call if you're able/willing to!

 

  • Yeah, check out my guide here

    I don't cover roles in there as you'll see MorganBB who took over for me mention in there they are having trouble with it, but he also may have some good advice.

    My .02, but know I don't use Okta any longer, so I can only offer theory more than specific help since I have nothing to look at - Roles are a pain in the **bleep** when trying to push from Okta into Khoros. Instead, I would highly recommend using custom profile attributes to trigger the role assignments. Create something like "KhorosPartnerTrigger" as a custom attribute in Khoros, and map it with Okta. Using Okta, push the value of "true" via the SAML assertion into that attribute, which would then just trigger the Partner level rank(s) to add the "Partner" role when that attribute is set to true. (Same thing my guide says about creating a badge, you would just create a rank instead.)

  • I have recently worked with Khoros to find a 'fix' for the issue that stopped us being able to send multiple roles in the SAML assertion at user log in.

    Currently we are using the method using Okta rules / Workflows to push this via API to Khoros, which is triggered by the user being added to the Okta group.

     

    The 'fix' requires a ticket with Khoros who can change the expected format from CSV to JSON object list and then you can push multiple roles to a user on log in by matching up Okta group membership name to role name in Khoros.

    This same method can be used to remove roles / access too.
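
Added example, not part of any post in this thread and not Khoros or Okta code: a Python check that reads the attributes out of a captured SAML assertion and resolves them to community roles through an allowlist, so an unexpected group name cannot turn into a role. It covers both approaches discussed above (the "KhorosPartnerTrigger" attribute and group-name-to-role-name matching). The attribute name `groups`, the role names, the sample assertion and all function names are assumptions made for illustration, and signature validation is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumption: only these three community roles may ever be granted from the IdP.
ALLOWED_ROLES = {"partner": "Partner", "customer": "Customer", "employee": "Employee"}

# Constructed sample; a real assertion is signed and wrapped in a samlp:Response.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="KhorosPartnerTrigger">
      <saml:AttributeValue>true</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Partner</saml:AttributeValue>
      <saml:AttributeValue>employee</saml:AttributeValue>
      <saml:AttributeValue>Administrator</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def resolve_roles(attrs, group_attr="groups", trigger_attr="KhorosPartnerTrigger"):
    """Map asserted values to allowlisted roles; report anything unexpected."""
    granted, rejected = set(), []
    for group in attrs.get(group_attr, []):
        role = ALLOWED_ROLES.get(group.lower())
        if role:
            granted.add(role)
        else:
            rejected.append(group)  # never passed through as a role name
    # Trigger-attribute approach: only a single, exact "true" value counts.
    if attrs.get(trigger_attr) == ["true"]:
        granted.add("Partner")
    return sorted(granted), rejected

if __name__ == "__main__":
    print(resolve_roles(read_attributes(SAMPLE_ASSERTION)))
```

Logging the rejected list at each login gives an early signal when an Okta group is renamed or a new group starts appearing in the assertion.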