I don't think a custom connector back to Okta (or any other identity provider really) would be necessary to make this work. If the user has a valid SAML or OIDC session, then Passwordstate can assume that the user successfully authenticated with the IdP and was redirected back to the application. At that point, any claims (groups, email, name) that exist in the SAML token could be treated as valid, and if the user doesn't exist in the database at that time, add-in some logic to create their user account in the DB, and then update their group membership (add new groups that exist in the SAML ticket, remove any groups that don't exist in their SAML ticket).
I replied back to support and asked to have this thread moved over to the feature request section! Interested to see if they decide to move forward with developing this functionality or not!
The only feature we have for automatically creating User Accounts in Passwordstate is when you synchronize Active Directory Security Groups - for On Premise AD.
If you need some sort of feature for this, then we can move this post into the Feature Requests area of the forums?
jtstuedle got a reaction from Moiz V in NameID attribute returned was not found in the Passwordstate database - Possible to auto-provision SAML User?
