mulesoft anypoint platform saml preview requirement for setting group attribute in SAML so that I can map the okta groups in anypoint platform with its roles Skip to main content
https://support.okta.com/help/answers?id=9062a000000dfleqaw&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
dinesh moturidinesh moturi 

mulesoft anypoint platform saml preview requirement for setting group attribute in SAML so that I can map the okta groups in anypoint platform with its roles

I am working on SSO in anypoint platform where myIDP is okta . There is a Mulesoft Anypoint Platform SAML application (existing predefined) in okta by which SSO to my anypoint platform works fine. Now I want to add a SAML attribute to this application so that I can map anypoint mulesoft roles to these okta groups in anypoint platform through external group mapping field in anypoint platform please help me. It is ok if I get a guide of how to define own SAML application in okta to do SSO for my anypoint platform account.
Best Answer chosen by dinesh moturi
Paul StinigutaPaul Stiniguta (Okta, Inc.)
Hello Dinesh,

The group attribute can be mapped once you add the application to your tenant, from the Sign-on Tab. There you can select the type of condition expression and the enter the condition expression that specifies the groups to send in your SAML assertion in the box.
In this documentatio you have the necessary details to setup SAML for Mulesoft http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-MuleSoft.html?baseAdmin.
If you require further assiatance with is, you can also open a Support Case and we will be more then happy to help.

 

All Answers

Paul StinigutaPaul Stiniguta (Okta, Inc.)
Hello Dinesh,

The group attribute can be mapped once you add the application to your tenant, from the Sign-on Tab. There you can select the type of condition expression and the enter the condition expression that specifies the groups to send in your SAML assertion in the box.
In this documentatio you have the necessary details to setup SAML for Mulesoft http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-MuleSoft.html?baseAdmin.
If you require further assiatance with is, you can also open a Support Case and we will be more then happy to help.

 
This was selected as the best answer
dinesh moturidinesh moturi
Hello Paul,

I appreciate for your immediate response and help. I have done what you have already mentioned but that is not working I have no idea why. In my mulesoft anypoint platform I have a bunch of roles to which we can assign users or do external role mapping that is assigning the okta groups, there in the roles I have selected many roles to whichj I gave external group mapping, once I logged in by sso it says you do not have the rights contact administrator but infact I have given admin rights too with external group mapping which is not working. I need this to work, your further help or assistance would help me and be appreciated. 
Thanks
dinesh moturidinesh moturi
Hi Paul,
I overlooked the whole thing, it worked!!!. The confusion was not understanding that group assertion attribute name which is "groups" itself which should be configured in mulesoft platform account. Finally it worked.

Thnaks,
Dinesh