AD Group Application Assignment Frustration

We are in the process of an Okta rollout and we would primarily like to use AD groups for application assignment. I keep running into roadblocks with the app assignments as there are multiple attributes in our applications which cant be assigned to a group since there are more than 1 conflicts (e.g we cannot assign our sales group to an application because it needs us to fill out a role, location, and department attribute for the assignment and while the deparment should be static, the role and locations of members in the sales group will change).

Since all apps are different and will have their own attributes we will need to worry about im at a loss as how to architect our groups in AD for Okta app assignment without it being an absolute mess. If anyone has any experience with this I would love to hear suggestions. 

Adrian RahauAdrian Rahau (Okta, Inc.)

Thank you for reaching out to Okta Community.
In the profile editor where you define the attribute mappings, use conditions based on group functions to set attribute values accordingly. See here - for more details on the expression language we support from within the product.

Adrian Rahau
Technical Support Engineer | Okta