Check OutSystems role after Okta authentication
Question

Hi,

I have implemented Okta authentication in my traditional web application. It's working fine, as after Okta authentication it redirects me back to the application's home page. My queries are:

In which method will I get, or can I check, the SAML response returned by Okta? I am not using the IdP connector.

After authentication I am redirected to the application's home page, but the home page content should be different according to the role of the user defined in OutSystems. For example, I have 3 roles: role1, role2, role3. The content of the application's home page will be different for each role. But I am not sure how to check the logged-in user's role after Okta authentication.

Attached is a screenshot of the No permission screen.


Please suggest.


MVP
Rank: #19

Hi Vikas Sharma,

I'm not sure if you can have access to the SAML response when using the built-in Okta integration, what do you need it for?

After Okta authentication, the user is authenticated in OutSystems and will have whatever roles were assigned in OutSystems... as far as I know, it's a simple matter of calling the correct Check<Role>Role() action, or ticking the right checkbox on the screens.

Hope this helps!

Rank: #170

Hi Vikas,

Jorge is right.

Check the OKTA docs here, it may help.

There is a part about User Roles in OutSystems Users App:


I think it is not possible to check the default OKTA roles; you would have to map to OutSystems Roles.

Rank: #421

Hi Jorge,

Thanks for the update. As you mentioned, after Okta authentication the user is authenticated in OutSystems. So my confusion is how the user will be authenticated. I am getting the data below in claims:

given: vikas
surname: sharma
email: vikashecb01@gmail.com
username: vikashecb01@gmail.com


I mean, how will OutSystems know which user needs to be logged in to OutSystems? In the above response, the username received in claims is "vikashecb01@gmail.com". So will OutSystems search for this username in the Users table? If yes, does that mean the username on my Okta server and in the Users table must be the same? Kindly confirm.


Regards

Rank: #170
Solution

Vikas,

You are right!
After login, if the User doesn't exist, it is created in the OutSystems Database.

I really suggest you see this training:

https://www.outsystems.com/learn/lesson/2020/built-in-authentication

It explains what happens in this case in detail:


Rank: #421

Hi Jorge and Raphael,

Thank you both for clarifying the flow. Now it's clear to me.

Regards

MVP
Rank: #19

Hi Vikas Sharma,

Like Raphael mentions, the built-in implementation for SAML/Okta/AzureAD in the Users application performs automatic provisioning of end-users. This means that after the first successful login using those external authentication mechanisms there will be a new record created in the OutSystems User entity based on info received from the identity provider.

I can add that (at least for Okta) it will create and configure a user based on the SAML claims, according to your configuration (check the documentation on how to Configure Okta authentication for details).

This will not assign any OutSystems roles to the users.

Hope it helps!
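
The flow described in the answer above, as an added example that is not part of the original thread and is not OutSystems code: a simplified Python model of first-login provisioning from SAML claims followed by a deny-by-default role check. UserStore, provision_on_login, grant, home_content and the sample claims are hypothetical names and constructed values; matching on the exact username claim is an assumption taken from the discussion.

```python
from dataclasses import dataclass, field

# Claims the model requires before it will match or create a user (assumption).
REQUIRED_CLAIMS = ("username", "email")


@dataclass
class User:
    username: str
    email: str
    name: str
    roles: set = field(default_factory=set)  # stays empty until granted locally


class UserStore:
    """Hypothetical stand-in for the platform's User table."""

    def __init__(self):
        self._by_username = {}

    def provision_on_login(self, claims):
        """Return (user, created): match on the username claim, create if absent."""
        missing = [c for c in REQUIRED_CLAIMS if not claims.get(c)]
        if missing:
            raise ValueError(f"assertion lacks required claims: {missing}")
        user = self._by_username.get(claims["username"])
        if user is not None:
            return user, False  # existing record keeps its locally assigned roles
        name = f"{claims.get('given', '')} {claims.get('surname', '')}".strip()
        # No roles are copied from the identity provider on creation.
        user = User(claims["username"], claims["email"], name)
        self._by_username[user.username] = user
        return user, True

    def grant(self, username, role):
        """Role assignment happens on the application side, after provisioning."""
        self._by_username[username].roles.add(role)


# Role to home-page content; the first matching role wins.
HOME_BY_ROLE = (("role1", "home-role1"), ("role2", "home-role2"), ("role3", "home-role3"))


def home_content(user):
    """Deny by default: a user holding none of the roles gets the no-permission view."""
    for role, content in HOME_BY_ROLE:
        if role in user.roles:
            return content
    return "no-permission"
```

A freshly provisioned user lands on the no-permission view until a role is granted on the application side, which matches the behaviour reported in the thread.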

Rank: #421

Hi Jorge,

Yes, I checked it as you mentioned. A new user was created in the User table but no role was assigned to that user. If the user is already in the Users table, then he is able to see the screen according to his role.

Again, thanks for your clarifications. Your answers are always simple and to the point, as I also mentioned at your booth at the NextStep event :)

Regards