Adding Okta users to Authorized Users & Organizations

We have a Rancher 2.2.7 cluster set up to authenticate with Okta, but so far I’ve not been able to add any users to the Authorized Users and Organizations list in Site Access.

I understand the UID field is used as the key, and must be typed exactly because SAML does not support searching. However, even when I type it exactly, there’s nothing showing up in the search view, and if I hit enter, the entry field erases and the entry is not added. How do I “add” such a user if I can’t discover it via drop-down or the search (and enter just clears the entry)?

I figured this out. You can’t do it when logged in as a local user. Only the initial Okta account used when setting up & testing it can do so; this user becomes synonymous with the local admin (same user on Rancher’s own k8s HA cluster). Then other admins added afterward can mess with this so long as they’re authenticated via Okta.

Since Rancher can’t search Okta for details about users other than your own, everyone else’s accounts show up with the UID Field specified during Okta setup without e.g. their real name.