Expression language get groups by user
https://support.okta.com/help/answers?id=9060z000000jjjmqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
John Hines

I'm trying to configure the claims for an authorization server and wanted to include the list of groups a user is assigned to. How would that expression look? Is there another way to add group assignments of a user as a claim?

Radu Galan (Okta, Inc.)
You can use this function anywhere to get a list of groups of which the current user is a member, including both user groups and app groups that originate from sources outside Okta.
1) If you use authorization code flow and return both access_token and id_token, the id_token claim will not contain groups; only bearer + access_token using the user endpoint will contain groups.
2) If you use implicit flow and request id_token alone, it will contain the groups; request access_token alone and it will also contain groups.
3) Using your org or an authorization server should both work in the same way.
4) You need OIDC APP -> SignOn Tab -> Groups claim groups Regex .*

https://developer.okta.com/reference/okta_expression_language/#using-group-functions-for-dynamic-group-whitelists

https://support.okta.com/help/answers?id=9062A000000XZqXQAW&feedtype=SINGLE_QUESTION_DETAIL&dc=xOkta_API&criteria=OPENQUESTIONS&
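
Added example, not part of the original answer and not Okta code: a relying-party helper for the behaviour in points 1 and 2, reading `groups` from the ID token when present and otherwise from the user endpoint response. The function names are hypothetical, `fetch_userinfo` is assumed to be a caller-supplied callable that returns the parsed JSON from the user endpoint called with the bearer access token, and the ID token is assumed to have had its signature validated before this code runs.

```python
import base64
import json


def jwt_claims(token):
    """Decode the payload segment of a compact JWT.

    Assumption: signature, issuer, audience and expiry were already
    validated by the caller. This function only parses.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def resolve_groups(id_token, fetch_userinfo, claim="groups"):
    """Return (groups, source) where source says where the claim came from.

    Authorization code flow: the ID token carries no groups claim, so the
    user endpoint response is consulted. Implicit flow with id_token alone:
    the claim is already in the ID token and no extra call is made.
    """
    groups = jwt_claims(id_token).get(claim)
    source = "id_token"
    if groups is None:
        groups = fetch_userinfo().get(claim)
        source = "userinfo"
    if groups is None:
        # Fail closed: no claim anywhere means no group membership.
        return [], "absent"
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise ValueError("groups claim is not a list of strings")
    return groups, source


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for offline testing only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"
```

Recording the source alongside the groups makes it easy to spot in logs when an authorization decision relied on the fallback call and not the token itself.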