Trouble getting Okta and roles to work

Product: PowerShell Universal
Version: 3.5.5 - IIS Hosted

I’m working on trying to get my PSU instance working with Okta, coming from Windows auth method in IIS.

I followed the documentation regarding setup of Okta and PSU with my coworker who manages Okta. It seems like we are all squared on that part, but naturally i’m hitting “Unauthorized access” page. I popped up SAML tracer and found the AD group in Okta under Role, so i attempted to use the -claimtype ‘roles’ -claimvalue ‘ad-groupname’ on the new-psurole for administrator, but i’ve had no luck. If i try to move back to using the scriptblock, I have $userinfojson outed to a temp json file but it’s not populating any data.

Frankly, i’m hitting a wall and not sure what to try next.

I shifted over to MSI install and finally got some movement.

In the end the -claimtype and -claimvalue settings wouldn’t work for the role. I ended up doing script code and got it working like-so:


$UserName = ($User.Identity.Name)
$UserName = $UserName.Substring($UserName.IndexOf('\')+1,($UserName.Length -($UserName.IndexOf('\')+1)))

$IsMember = $false;

if($User.HasClaim("Role", "<ADGROUP NAME>")){
    "User $username has role <ADGROUP NAME>" | Out-File "C:\temp\role.txt"
    $IsMember = $true