Hello I was originally writing a question to ask how to add groups to the SAML assertion payload. After a few hours of banging my head I took it to stack overflow and was able to find the answer there: https://stackoverflow.com/questions/35893311/getting-list-of-groups-user-is-associated-with-in-okta .
This is more FYI that the documentation is hard to navigate and the answers that exist are very vague for example:
Good day. The stack article sums up how to scope a group from the Apps SAML Group Attribute Statements , the example provided is to scope out groups containing the Admin value , the response you will get with the assertion , you could scope other group attributes as well ex. roles , If your org supports a large number of groups, use this option to filter them into a single SAML assertion. Filtering options include Starts With, Equals, Contains, and Regex expressions. Our expression language may offer more information on statements and custom mappings if there is a more complex attribute implementation: https://developer.okta.com/reference/okta_expression_language/?_ga=1.36304032.1831648392.1517430269 https://developer.okta.com/docs/api/resources/groups#group-type We have diferent sources for documentation, some may indeed need an update and recent atention, by expanding the search you will get the answer. Wish you a wonderful day.