<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Pass a User's Group Membership in a SAML Assertion From Okta Using the Legacy Configuration
Feb 27, 2026
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article outlines the steps to pass a user's group membership in a Security Assertion Markup Language (SAML) assertion from Okta using the legacy configuration.

Applies To
  • Group Attribute Statements
  • Custom SAML Applications
  • Secure Assertion Markup Language (SAML)
  • Single Sign-On (SSO)
Solution

To pass a user's group membership in a SAML assertion, please follow the steps below:

  1. Access the Okta Admin Console.
  2. Search for the custom SAML application by navigating to Applications > Applications.
  3. Click on the Sign On tab.
  4. Scroll down and click on Show legacy configuration.

Show legacy configuration 

  1. Under Group Attribute Statements, define the Name of the group attribute and specify the condition for the groups to be passed based on the Filter. Choose keywords to use or a Regex to define the group memberships.

Group Attribute Statements

  1. Click Save.

 

Related References

Recommended content

Still looking for help?
Loading
How to Pass a User's Group Membership in a SAML Assertion From Okta Using the Legacy Configuration