ContributionsMost RecentMost LikesSolutionsRe: 2023 Customer Awards: Upwork - Best-in-Class: Community Incredibly proud to be a part of this awesome team that has figured out unique, creative ways to solve for common community challenges and expand on out of box components in Khoros. Can't wait to see what is in store for our excellent community over the next year! Re: Saml integrations with Okta So, set up Okta groups. Manage membership to this based off user_type field. then you can use the "user removed from group" trigger in workflows to kick it off. (photo 1) In a nutshell - the user is removed from the okta group when the user_type field in their profile changes away from one of the groups you're wanting to monitor. Being removed from any group triggers workflow 1 - the true false statements check its one of the groups you're monitoring and then if true passes the groupname (and with it the role you are removing) and the required user data into the child flow which uses the khoros API to remove the role. (photo 1) (photo 2) You'll need a child flow that will be responsible for acquiring the users khoros id (if thats not already stored in the users profile) and another that will actually make the api request to khoros directly to remove the role. (photo 2) not pictured are two subsequent child flows, one which fetches and updates the users khoros id if its not in their profile - second is the one that fetches the api-key needed to run apiv2 calls. Our method stores it in a table in okta with a time stamp, when the key is requested it checks its age, if its still valid passes it back, if not requests a new one, stores that in the table and then provides the valid key back to the flow hope this helps. Re: Saml integrations with Okta Yep - more of a workaround than a fix though as it doesnt remove using assertion mapping. use okta groups to manage adding the roles by assertion. then use workflows to remove the role from the user when theyre removed from the okta group or added to a "remove X role group" you can then use okta group rules to manage which users need to have what role removed and let workflows handle the work - be careful to watch the rate-limits. 🙂 Workflows is an 'extra' with Okta - but you can run five workflows without paying more (plenty for what you're wanting to do) I'll come back in a bit with screenshots if needed. Re: [Podcast] Keeping It Simple: Building a Memorable Community Experience 😎Hey! I know that dude! Re: SSO & Okta Integrations I have recently worked with khoros to find a 'fix' for the issue that stopped us being able to send multiple roles in the SAML assertion at user log in. Currently we are using the method using Okta rules / Workflows to push this via API to Khoros, which is triggered by the user being added to the Okta group. The 'fix' requires a ticket with Khoros who can change the expected format from CSV to JSON obejct list and then you can push multiple roles to a user on log in by matching up Okta group membership name to role name in Khoros. this same method can be used to remove roles / access too.