Sending SAML Attribute Based on AppUser Attribute Using Personal Attribute Type
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

How to send Security Assertion Markup Language (SAML) attributes from a custom AppUser attribute of the Personal attribute type, without relying on the Okta User Profile to store the information.

Applies To
  • Security Assertion Markup Language (SAML)
Solution

This article describes sending SAML attributes from a custom AppUser attribute of the Personal attribute type. The Personal attribute type allows the value to be sent for each individual user to be entered manually under the application's Assignments tab.

  1. Navigate to Directory > Profile Editor > Users and click the application's name.
  2. Click + Add Attribute.
  3. Select the desired Data type.
    • String holds a single value.
    • String array holds multiple values.
  4. Enter the desired Display name and Variable name.
  5. (Optional) Selecting Define enumerated list of values pre-populates the attribute with a fixed set of values to choose from. Without this option, the attribute values must be entered manually.
  6. Select the attribute type Personal.
  7. Navigate to the application's General tab, then SAML Settings > Edit > Next (General Settings) > SAML Settings > Show Advanced Settings.
  8. Add an attribute statement.
    • In this example, role is the attribute name that will be sent in the SAML Response, and appuser.role is the variable whose value is sent for the attribute, based on what is configured in the subsequent steps.
      • appuser references the Application User Profile for this specific application.
      • role references the custom attribute created in the previous steps.
  9. Navigate to the Assignments tab and click the pencil icon for the user for whom a specific attribute value should be sent.
  10. Enter the value to be sent as the attribute value for that user and click Save.
  11. Test the login and check the SAML response to ensure it contains the expected attribute name and attribute value.

<saml2:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Admin</saml2:AttributeValue>
</saml2:Attribute>
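To automate the check in step 11, the following added example (not part of the Okta article) parses a SAML Response, collects every AttributeStatement into a dictionary, and compares the role attribute against the value entered under Assignments. The response is a constructed minimal sample; the second attribute, groups, is an assumed name used only to show how a String array (multiple AttributeValue elements) comes through.

```python
"""Check that a SAML Response carries the expected AppUser attribute.

Added example, not from the Okta article. The assertion below is a
constructed sample. A real response must have its XML signature validated
by the service provider before any attribute value is trusted.
"""
import xml.etree.ElementTree as ET

NS = {
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed sample: "role" is the single-valued (String) attribute from
# the article; "groups" is an assumed multi-valued (String array) attribute.
SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:AttributeStatement>
      <saml2:Attribute Name="role"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:type="xs:string">Admin</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="groups"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue>finance</saml2:AttributeValue>
        <saml2:AttributeValue>auditors</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""


def extract_attributes(response_xml: str) -> dict[str, list[str]]:
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(response_xml)
    attrs: dict[str, list[str]] = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml2:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs


def check_attribute(response_xml: str, name: str, expected: list[str]) -> bool:
    """True only if the attribute is present with exactly the expected values."""
    return extract_attributes(response_xml).get(name) == expected


if __name__ == "__main__":
    print(extract_attributes(SAMPLE_RESPONSE))
    print("role ok:", check_attribute(SAMPLE_RESPONSE, "role", ["Admin"]))
```

Paste the decoded SAMLResponse from a browser SAML tracer in place of the sample to verify a real login; a missing attribute or a stale value shows up as a False result rather than a silent pass.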
