Sitecore Identity - Sticky Virtual User Properties Issue
I recently came across an issue with our CMS users getting elevated access permissions even after they were moved to a lower-level role. We use OKTA as our identity provider and use federated authentication to integrate Sitecore with OKTA for staff login. The OKTA group memberships are mapped to Sitecore roles using claims mapping to manage user roles in Sitecore. This was working fine for a long time until recently when we started noticing changing user roles in OKTA have no impact on the user permissions in Sitecore. I started troubleshooting by monitoring the network traffic during the login redirect, capturing the JWT token to inspect the claims we are receiving from OKTA. Once the user's group membership in OKTA has changed, I can see the new groups values in the claims. So, the issue has to be on the Sitecore end with claims to roles mapping. After further investigating into the code which hasn't changed in months, I looked into what else has changed. We did upgrade our