This article describes how to customize SAML attribute statements so that each user assigned to the application can carry an individual value.
- Single Sign On (SSO)
- Custom Security Assertion Markup Language (SAML)
- Disabled System for Cross-domain Identity Management (SCIM)/provisioning
- The first step is to create an attribute statement for the custom SAML application (link).
  - The one exception is that, instead of using user.$attribute_name, appuser.$attribute_name will be used.
  - Example from the article above: instead of user.title, appuser.title will be used.
- The second step is to set up the profile mappings for the application (link).
  - When adding the attribute, the Data type depends on what the application requires to be sent in the SAML assertion: string, array, etc.
  - Display name is an arbitrary value; it can hold any value.
  - Variable name has to match the $attribute_name specified above.
    - If appuser.title was used in the attribute statement, then the variable name will be title.
NOTE: The $attribute_name is chosen arbitrarily by the admin; the only requirement is that it matches both the attribute statement and the profile mapping attribute name.
Now the application is set up, and the attribute will show up in the user's application assignment with the ability to edit it.
It is possible to override the profile mappings with a value that will be applied only to that user.
If changes using expression language are required, they must be applied through the application's profile mappings.
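
To confirm the result after setup, the following added example (not part of the original article and not Okta's own code) parses a base64-encoded SAMLResponse and checks that the custom attribute carries the value expected for that user, for both string and array data types. The sample response, the groups and department attributes, and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample: a trimmed, unsigned response as an SP might receive it.
# "title" is a string attribute; "groups" stands in for an array attribute.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="title">
        <saml:AttributeValue>Contract Auditor</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>finance</saml:AttributeValue>
        <saml:AttributeValue>audit</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def assertion_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64-encoded SAMLResponse."""
    # Inspection only: no signature validation, so never use this for trust
    # decisions. For untrusted XML, parse with a hardened parser instead.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_attribute(attrs, name, expected):
    """Compare one asserted attribute against the values expected for the user."""
    if name not in attrs:
        return f"MISSING: {name} (does the variable name match appuser.{name}?)"
    if attrs[name] != list(expected):
        return f"MISMATCH: {name} = {attrs[name]!r}, expected {list(expected)!r}"
    return f"OK: {name} = {attrs[name]!r}"

if __name__ == "__main__":
    found = assertion_attributes(base64.b64encode(SAMPLE_RESPONSE_XML.encode()))
    print(check_attribute(found, "title", ["Contract Auditor"]))
    print(check_attribute(found, "groups", ["finance", "audit"]))
    print(check_attribute(found, "department", ["Audit"]))
```

A MISSING result usually points to a variable name that does not match the name used in the attribute statement; a MISMATCH on a user with an override suggests the per-user value was not saved on the application assignment.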
