For a custom Saml application you can add "Group Attribute Statements" and pass them through the assertion. You can add them by going to Admin > Applications > Your Application > General > Click Edit next to "SAML Settings" > Click Next and now add the attribute on the "Group Attribute Statements (optional)".
Eugen Dumitru Technical Support Engineer Okta Global Customer Care
Is there any documentation on How to complete the fields? For example what value is used in the Name field? The filter appears to be your group information specifically.
Best Regards, Angela Craghead
Guardian Industries Corp. | Guardian Central
2300 Harmon Rd. Auburn Hills, MI 48326
P. 248.340.0013 | firstname.lastname@example.org
Name is the attribute name you wish to reference. "group" or "role" is common, but it depends on what your service provider is looking for. If you had a bunch of roles as "appname-role" in AD and you need to send that value as "role" you would enter in "role" on the left, and "appname" on the right.
More specifically... We have a number of applications that require all the AD groups a user is a member of in the assertion. Given the filter requirement/option it doesn't seem possible to pass all of the groups a user is a member of using a single function or statement.