New RunLLM response generated: >>>*# Question* We seem to have some issues with executions and their relationship to the users that triggered them. When users click

only my executions

in the UI we get strange behavior since it appears that the users for executions triggered by the UI and by flyectl are global. I looked into how the user info is extracted and it takes the

subject

field of the user's JWT, which for whatever reasons always happens to be the Okta client ID (flyectl or flyteconsole) instead of the actual user ID. I'm not super familiar with Okta so this could just be the way that the Okta apps are configured or else I'm wondering if we'll need to modify the logic in flyte admin for how it determines users for executions. # Answer The issue you're experiencing with user identification in Flyte executions likely stems from the configuration of your Okta applications. The

subject

field in the JWT should ideally represent the actual user ID, not the client ID of the application. This misconfiguration can lead to the behavior you're observing, where executions appear to be triggered by the application itself rather than the individual user. To resolve this, you should review your Okta application settings to ensure that the

subject

claim in the JWT is set to the user's unique identifier. This might involve adjusting the claims mapping in Okta to ensure the correct user information is included in the token. If the issue persists, you may need to modify the logic in Flyte Admin to extract the correct user information from a different claim in the JWT, such as

preferred_username

or

email

, which are more likely to contain user-specific data. Would you like more detail on how to adjust the Okta configuration or Flyte Admin logic? Sources: - Migrating Your Authentication Config Slack Link https://.slack.com/archives/CP2HDHKE1/p1730270919.775749 👍 0 button 👎 0 button 💡 Hint: Mention @runllm in the thread for followups.