Okta OIDC Users

Hello.
Users created with Okta OIDC do not have their names automatically populated in the account section. How can I ensure that their names are automatically populated? When they sign in through the UI, the name section is empty.

Boundary Version: 0.12.1


Good morning. This is a great question and I’m sorry the docs are clearer on how to solve this.

First, you can specify an account_claim_maps, which allows you to specify which inbound claim from the id_token or access_token to map to the account’s FullName.

If the IdP isn’t sending you a claim you’d like to use for the account’s full name, then you can specify additional claims_scopes to request from the IdP which can give you access to more claims and hopefully a claim which you’ll find acceptable to use for the account’s full name.

Before closing, I might mention that I answered what I thought was your implied question: how to populate the user account’s name during authentication. The Name field you actually referenced in the pic above is a boundary resource name, which is a standard field that every resource in our domain has (along with description). A boundary resource name field is only populated explicitly by admins/practitioners via the TF, API, CLI or UI. It’s not a field that’s populated by an IdP during an authentication flow.


I might note, the OIDC account’s full name and email are updated from the IdP every time the user successfully authenticates with the auth method’s IdP.
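The two settings from the answer above, as an added Terraform sketch (not code from this thread or from the Boundary project). The issuer, client ID, API URL, scope and the custom claim `display_name` are placeholders or assumptions; each map entry is written as IdP from-claim = Boundary to-claim, where the to-claim is one of `sub`, `name` or `email`.

```hcl
# Added example: every value below is a placeholder or an assumption.
variable "okta_client_secret" {
  type      = string
  sensitive = true # keep the client secret out of plan output
}

resource "boundary_auth_method_oidc" "okta" {
  scope_id           = "global" # assumption: auth method lives in the global scope
  name               = "okta"
  issuer             = "https://example.okta.com" # placeholder issuer
  client_id          = "REPLACE_WITH_CLIENT_ID"   # placeholder
  client_secret      = var.okta_client_secret
  signing_algorithms = ["RS256"]
  api_url_prefix     = "https://boundary.example.com:9200" # placeholder

  # Additional OIDC scopes to request, so the IdP returns more claims
  # (for example the user's name and email).
  claims_scopes = ["profile", "email"]

  # Only needed when the IdP uses a non-standard claim name.
  # "display_name" is a hypothetical custom claim mapped onto the
  # standard "name" claim, which feeds the account's full name.
  account_claim_maps = ["display_name=name"]
}
```

After the next successful login, the account's full name and email can be checked on the account itself; as noted in the answer, the resource-level Name field is not affected by these settings.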

Thank you for your reply. I am able to get users’ full name, email, etc. through the claims, but when they sign in to Boundary Desktop, there is no identification of who signed in, as opposed to when I sign in as Admin, where I can see the Username as admin:

Do I have to enter their name in the UI manually after they have signed in, or is there a way to populate it automatically?

To be more specific:

Here is my admin login name as it gets populated in Boundary Desktop:

admin

Here is the OIDC user info with no login name in Boundary Desktop:


Hi @lucardcoder, Thanks for your interest in Boundary and for letting us know about this issue. We understand this could be better. Unfortunately, we currently don’t display username when a user authenticates via OIDC, but this will be fixed. Please keep an eye out for this update. Thank you!