Attribute Statement under Applications to change/override with Group Skip to main content
https://support.okta.com/help/answers?id=9062a000000xzs9qag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Abhishek SharmaAbhishek Sharma 

Attribute Statement under Applications to change/override with Group

Hello all,

One of the Applications we use in our organization depends on Attribute Statements (Under a SAML Application) to send a value and based upon the content of this value, it separates a user into the application's own concept of groups.

However, after playing around with the Attribute Statements a little bit and a support ticket later, we figured that this is not a feature that has complete support (because, we are able to use statements but there seems to be some kind of limit that prohibits us from using complex Okta Expressions Lang here). Or may be I am missing something somewhere.

As an example, the following Attribute Statement which does only some of what we are trying to accomplish:
Name: orgGroup
Value: 
isMemberOfGroupName("okta-group-a") ? "group-a" : String.substringAfter(user.email, "@")
Okta accepts the above statement as a valid expression and it works as intended.

However, it errors out when we try to add a little more complexity to it like:
Value: 
String.join( isMemberOfGroupName("okta-group-a") ? "group-a" : "", isMemberOfGroupName("okta-group-b") ? "some-random-string-b" : "" )
Is there a known/recommended way to implement an override value for an Attribute Statement with respect to a certain group. Any help in this matter would be appretiated.

Thanks in advance for any help with this.
PS: I am new to this community so please pardon my lack on knowledge around this topic.
Evan AlterEvan Alter (Okta, Inc.)
Abhishek -
For more complex attribute work in a customer SAML app such as this example, we recommend edting the Profile Mapping, rather than the app attribute statements.

More information about Profile Mapping can be found here:
https://help.okta.com/en/prod/Content/Topics/Directory/Directory_Profile_Editor.htm

Does this help?

Evan Alter
Technical Support Engineer
Okta Global Customer Care