I’m curious about SSO (Okta) when having multiple organizations…
We have three organizations (dev, test, and prod) which would have different lists of users. Maybe some of the same users across the different orgs, but maybe not all users from test would be in prod, for example.
In the SnapLogic SSO configuration, I can implement the same SSO metadata file (prod for example) in all of the orgs, but then it’s checking against the same user list in Okta (prefer to have different user lists for each org) and wants the users to all exist in the prod org on the SnapLogic side. Otherwise we get SSO sign-on errors like:
Single Sign On authentication failed. User XXX is not a member of the organization ‘XXX’ (prod)
Or I can configure each SnapLogic org with its own SSO metadata file (still Okta), which would validate against the environment-specific user list in Okta and let each org have its own users defined in SnapLogic. But then for users who exist in more than just one of the organizations, we get SSO sign-on errors like:
Single Sign On authentication failed. SSO login cannot be used for users that are members of orgs that have different identity providers
So, how do I go about having different lists of users in each organization (maybe some same users in multiple orgs) without the errors mentioned above? For example, I will have some users in both test and prod, and some users in test but not in prod.
I assume I’m just missing something… Thoughts?