OIDC groups fro /userinfo only contain `Everyone` Skip to main content
https://support.okta.com/help/answers?id=9060z00000078buqai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Mike SimonsMike Simons 

OIDC groups fro /userinfo only contain `Everyone`

We're attempting to use the Okta Org authorization server for an internal SSO implementation and we'd like to get the groups that users belong to.

We've added the Regex .* claim to the application but the groups from /userinfo only ever contain `Everyone`.
I'm aware that non-Okta groups will not appear here but my user is a member of several Okta native groups and these just aren't showing up.

Has anyone seen similar? What's up with it?
Silviu MuraruSilviu Muraru (Okta, Inc.)
Hi,


My name is Silviu and I am a Technical Support Engineer (Tier II) at Okta.
Have you tried to use "getFilteredGroups" command as well? Instead of the "all" command for regex. It's an Array with the example: getFilteredGroups({"00gml2xHE3RYRx7cM0g3"}, "group.name", 40)
You can leverage it by using the docs here (https://developer.okta.com/reference/okta_expression_language/).
I would say that should do it, still you might need someone from Support looking at the configuration in a screen-sharing session, if not.
For any further assistance please open up a case with Okta Support and get all the necessary pieces of information, if not provided yet.

Wish you all the best in your work, Mike!


Thank You,
Silviu Muraru
Technical Support Engineer | Okta Inc.
Mike SimonsMike Simons
Thanks for your answer Silviu. I thought that getFilteredGroups is only availabe if you're using the Okta API Access Management SKU? We don't have that SKU as we're only trying to build out a simple SSO gateway and this app would be the only consumer.