Closed St4n closed 8 months ago
openunison opens with a cryptic username
This is the `sub` attribute that we receive from Okta. It is both immutable and not based on the user's name the way an email may be. In your values.yaml, you can change `oidc.claims.sub` from `sub` to `email` or `name` to change this, then run `helm upgrade orchestra-login-portal tremolo/orchestra-login-portal -n openunison -f /path/to/values.yaml` to update.
and no roles (please see screen capture)
This usually happens because the Okta groups attribute isn't configured. Did you follow the steps from https://openunison.github.io/identity%20providers/okta/ for groups? See the below image from the post. You need to tell Okta what claim to store groups in (`groups`) and which groups will be allowed.
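The two symptoms discussed in this reply can be checked against the claims Okta actually returns. The following is an added example, not part of the original thread or OpenUnison's code: it decodes a token payload for inspection only (no signature verification) and compares it with a claim mapping shaped like `oidc.claims`. The `groups` mapping key, the function names and the sample claims are assumptions constructed for illustration.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode (NOT verify) the payload segment of a JWT, for troubleshooting only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claim_mapping(claims: dict, mapping: dict) -> list:
    """Compare received claims with a mapping shaped like oidc.claims (assumed layout)."""
    findings = []
    user_claim = mapping.get("sub", "sub")
    username = claims.get(user_claim)
    if username is None:
        findings.append(f"username claim '{user_claim}' is missing")
    elif user_claim == "sub":
        # Okta's sub is immutable but opaque, which is the "cryptic username"
        findings.append(f"username will display as opaque id '{username}'")
    group_claim = mapping.get("groups", "groups")
    if not claims.get(group_claim):
        findings.append(f"groups claim '{group_claim}' missing or empty: no roles")
    return findings


def make_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real Okta token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample: Okta has no groups claim configured, mapping left at default
BEFORE = make_token({"sub": "00u1exampleid", "email": "user@example.com"})
# Constructed sample: groups claim configured in Okta, username mapped to email
AFTER = make_token({"sub": "00u1exampleid", "email": "user@example.com",
                    "groups": ["k8s-admins"]})

if __name__ == "__main__":
    for line in check_claim_mapping(decode_jwt_payload(BEFORE), {"sub": "sub"}):
        print("before:", line)
    print("after:", check_claim_mapping(decode_jwt_payload(AFTER),
                                        {"sub": "email", "groups": "groups"}))
```
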
Following your advice, I managed to make Okta work with OpenUnison, thanks for your support!
When correctly logged in to OKTA, openunison opens with a cryptic username and no roles (please see screen capture)
Can you tell me where I missed something?
Thanks, Regards, Stéphane.