<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
User Assigned to the Salesforce App through Multiple Groups only Inherit the Permission Sets from One Group
Jul 28, 2025
Okta Integration Network
Overview

This article is about using the Group Priority and Combine values across groups option in Okta.

  1. A user is assigned to Group 1 with the Test_PermissionSets_1 Permission Set.

Permission 1

  1. The user is assigned to Group 2 with the Test_PermissionSets_2 and Test_PermissionSets_3 Permission Sets.

Permission 2

  1. Go to Directory > Profile Editor > search the Salesforce app > Permission Sets attribute > click the pencil icon. If the Permission Sets attribute Group Priority is set up to Use Group Priority, the user will get the Permission set only from the group with 1 priority. 

"Use Group Priority" option 

For example, Group 1 has priority 1, then the user will have Test_PermissionSets_1 Permission Set.

Permissions 

 
Applies To
  • Provisioning
  • Mappings
  • Attributes
Cause

Consider the following scenario:

Provisioning enabled Salesforce application, a user, and two groups are assigned to the Salesforce app (called Group 1 and Group 2 ), each with different Permission Sets assigned to them.

The Salesforce app has an Assignment tab where users and groups can be assigned to the app. When groups are assigned the app, there will be a column for "Priority".  The higher the group is in the list, the higher it is in the priority.  The user will inherit their Permission Sets from whichever group they are a member of that is highest in priority.
 

Group priority 

 
Solution

This is expected behavior. However, some attributes in the profile can be combined across multiple groups by assigning the app.

To modify this behavior and combine the Permission Sets values across all group assignments, the following steps are required:

  1. Go to Okta Admin Console and navigate to Directory > Profile editor.
  2. Search for the Salesforce app.
  3. Press on the name of the app.
  4. Search for the Permission Sets attribute.
  5. Click the pencil icon to edit the Permission Sets attribute.

Permission Sets attribute

  1. For Group Priority, select the option Combine values across groups and Save attribute.

"Combine values across groups" option

  1. Now the Permission Sets attribute is set up to Combine values across groups. The user will get Permission sets from both groups. The user will have Test_PermissionSets_1, Test_PermissionSets_2, and Test_PermissionSets_3 Permission Sets.

Permission Sets


Related References

Recommended content

Still looking for help?
Loading
User Assigned to the Salesforce App through Multiple Groups only Inherit the Permission Sets from One Group