<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008C3jcFSAROkta Classic EngineOkta Integration NetworkAnswered2023-06-14T20:22:57.000Z2018-02-22T10:14:37.000Z2019-01-24T14:25:12.000Z

dineshm.06727 (Customer) asked a question.

February 22, 2018 at 10:14 AM
mulesoft anypoint platform saml preview requirement for setting group attribute in SAML so that I can map the okta groups in anypoint platform with its roles
I am working on SSO in anypoint platform where myIDP is okta . There is a Mulesoft Anypoint Platform SAML application (existing predefined) in okta by which SSO to my anypoint platform works fine. Now I want to add a SAML attribute to this application so that I can map anypoint mulesoft roles to these okta groups in anypoint platform through external group mapping field in anypoint platform please help me. It is ok if I get a guide of how to define own SAML application in okta to do SSO for my anypoint platform account.
  • 4 answers
  • 1.08K views

  • Paul S. (Okta, Inc.)

    Hello Dinesh,

     

    The group attribute can be mapped once you add the application to your tenant, from the Sign-on Tab. There you can select the type of condition expression and the enter the condition expression that specifies the groups to send in your SAML assertion in the box.

    In this documentatio you have the necessary details to setup SAML for Mulesoft http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-MuleSoft.html?baseAdmin.

    If you require further assiatance with is, you can also open a Support Case and we will be more then happy to help.

     

    Expand Post
    Selected as Best

  • Paul S. (Okta, Inc.)

    Hello Dinesh,

     

    The group attribute can be mapped once you add the application to your tenant, from the Sign-on Tab. There you can select the type of condition expression and the enter the condition expression that specifies the groups to send in your SAML assertion in the box.

    In this documentatio you have the necessary details to setup SAML for Mulesoft http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-MuleSoft.html?baseAdmin.

    If you require further assiatance with is, you can also open a Support Case and we will be more then happy to help.

     

    Expand Post
    Selected as Best

  • dineshm.06727 (Customer)

    Hello Paul,

     

    I appreciate for your immediate response and help. I have done what you have already mentioned but that is not working I have no idea why. In my mulesoft anypoint platform I have a bunch of roles to which we can assign users or do external role mapping that is assigning the okta groups, there in the roles I have selected many roles to whichj I gave external group mapping, once I logged in by sso it says you do not have the rights contact administrator but infact I have given admin rights too with external group mapping which is not working. I need this to work, your further help or assistance would help me and be appreciated. 

    Thanks
    Expand Post

  • dineshm.06727 (Customer)

    Hi Paul,

    I overlooked the whole thing, it worked!!!. The confusion was not understanding that group assertion attribute name which is "groups" itself which should be configured in mulesoft platform account. Finally it worked.

     

    Thnaks,

    Dinesh

    Expand Post

  • AlexM.67024 (Customer)

    Hi. I'm running with the same issue, but the solution posted is not working for me (setting the external map to "Groups" in Mulesoft). Has this change recently?

     

    I notice the Okta setup instructions changed a bit.

     

    Thanks,

    Expand Post
This question is closed.
Loading
mulesoft anypoint platform saml preview requirement for setting group attribute in SAML so that I can map the okta groups in anypoint platform with its roles