This article covers the situation where the Okta SCIM connector for an application does not import groups, and the application can only pass the group names via an attribute.
- Group Management
- Group Rules
Prerequisites:
- An Okta tenant with Lifecycle Management capabilities.
- An application that can pass the names of the user's application-side groups via an attribute, be it through SCIM, SAML, or API.
To make the assignment of users to Okta groups conditional on their group membership on the application side, take the following steps:
- Create the required groups in Okta: If existing Okta-sourced groups are to be used, this step may be skipped; otherwise, groups can be created by navigating to the Admin Dashboard > Directory > Groups and clicking the button, entering a name and description, and clicking on the Save button.
- Define the attribute on the Application User Profile: If the attribute is already on the app user profile and the value is already present on the Application User Profile, skip this step; otherwise, add the attribute as follows:
  - Navigate to the Admin Dashboard > Directory > Profile Editor > {Application Name}.
  - Click on the button and fill out the required fields, taking care that the Variable Name in Okta matches the variable of the attribute from the application side, the data type matches (if the application attribute is an array, the created attribute must be of the array type), and the External namespace (if visible) is filled out with data from the application side.
  - Click the Save button.
- Define the attribute on the Okta user Profile: If not previously created, this can be done by navigating to the Admin Dashboard > Directory > Profile Editor > User (default) page and clicking on the button, filling out the required information on the form, and clicking the Save button.
  NOTE: Please ensure that the Okta attribute's data type matches the previously defined attribute's data type.
- Map the Application Attribute to the Okta attribute, which is done as follows:
  - Navigate to the Admin Dashboard > Directory > Profile Editor > {Application Name} page.
  - Click on the button, {Application Name} To Okta tab.
  - Select from the list the application attribute created earlier to be mapped to the Okta attribute also created earlier.
    NOTE: If the application and Okta's attribute data types do not match, a data type conversion may be required. More information can be found in the Conversion Functions article.
- Create a group rule as explained in the How To Create A Group Rule article in order to assign the users to groups according to the values from the previously mentioned Okta attribute, using a group rule expression in the form of String.stringContains(user.createdAttribute, "Name Of The Group") if the attribute has a data type of string, and Arrays.contains(user.createdAttribute, 'Name of the Group') if the attribute has the data type of array.
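
The two expressions in the last step match differently: String.stringContains is a substring test, while Arrays.contains compares whole elements, so a string rule for one group also fires for any application-side group whose name contains it. The following added example (not from the original article or from Okta) models both in Python to check a group list before the rules are written; all group names and attribute values are constructed, and treating a missing attribute as a non-match is an assumption.

```python
from typing import Dict, Iterable, List, Optional

# Constructed sample data (not from the article).
APP_GROUPS = ["Admins", "Billing-Admins-ReadOnly", "Finance", "Support", "Support-Tier2"]
RULE_GROUPS = ["Admins", "Support", "Finance"]  # names used in group rules
USER_STRING = "Billing-Admins-ReadOnly,Support-Tier2"  # string-typed attribute
USER_ARRAY = USER_STRING.split(",")  # same membership, array-typed attribute


def string_contains(attr: Optional[str], needle: str) -> bool:
    """Model of String.stringContains(user.createdAttribute, "..."): substring test.
    Assumption: a missing attribute does not match."""
    return attr is not None and needle in attr


def arrays_contains(attr: Optional[List[str]], element: str) -> bool:
    """Model of Arrays.contains(user.createdAttribute, '...'): exact element match."""
    return attr is not None and element in attr


def groups_assigned(attr, matcher) -> List[str]:
    """Rule groups a user would land in under the given matcher."""
    return [g for g in RULE_GROUPS if matcher(attr, g)]


def substring_collisions(rule_groups: Iterable[str],
                         app_groups: Iterable[str]) -> Dict[str, List[str]]:
    """For each rule group name, list the other application-side group names
    that contain it; each of those would also satisfy a string rule."""
    app = sorted(set(app_groups))
    hits: Dict[str, List[str]] = {}
    for name in rule_groups:
        others = [g for g in app if name in g and g != name]
        if others:
            hits[name] = others
    return hits


if __name__ == "__main__":
    print("string rule assigns:", groups_assigned(USER_STRING, string_contains))
    print("array rule assigns: ", groups_assigned(USER_ARRAY, arrays_contains))
    for name, others in substring_collisions(RULE_GROUPS, APP_GROUPS).items():
        print(f"'{name}' is also matched by: {', '.join(others)}")
```

Where the collision list is not empty, passing the group names as an array attribute, or renaming groups so that no name contains another, keeps a rule from assigning users who are not in the intended application-side group.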
