<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Adding a Group Claim for a Specific Application/Client
Jan 6, 2026
API Access Management
Overview

The purpose of this article is to provide a solution for groups claim to work for a specific application.

Applies To
  • Group claims
  • Claims
  • Custom authorization server
  • Org authorization server
Cause

Adding group expressions in the default custom authorization server or a created custom authorization server in Security > API > Authorization Servers might affect other applications/clients, as it is shown in the following screenshot:

Default claims

Solution

If it is needed for group claims to return groups for a specified application/client configured in the custom default authorization server or a custom-created authorization server, then use the following expression:

app.clientId == "0oaxxxxxxxx357" ? Groups.startsWith("OKTA", "", 100) : null

default claims

If using the org authorization server, then it is necessary to add the group claim in Applications > Applications > Sign On.

add group claim

Recommended content

Still looking for help?
Loading
Adding a Group Claim for a Specific Application/Client