Okta Classic Engine | Single Sign-On | Answered | 2024-04-16T12:29:10.000Z | 2021-07-29T15:41:45.000Z | 2021-08-02T07:37:02.000Z

ypgfy (ypgfy) asked a question.

Get group custom attribute along with user attributes in SAML assertion

Hello,

 

I have a group defining a custom attribute (project_ids = [1, 2, 3]). In this group, I have a few users. When a user logs in using SSO I want to receive the project_ids group attribute along with the user's attributes (e.g. first_name, last_name, etc). Is there a way to achieve this without explicitly setting the project_ids attribute in each user, so I can easily update the project_ids for all users in a specific group?

 

In my app attribute statements I have:

  • email -> user.email
  • first_name -> user.firstName
  • Need something like groups -> user.groups (where group has project_ids at least)

 

Thank you!


  • User15730827963261093920 (Vendor Management)

    Hi Bat,

    Cosmin here, with Okta Support.

    If my understanding is correct, you have defined a custom attribute in Okta as an array, and you are looking to populate the value for each user on group level (one action that will cover all users in the specific group).

    The attribute statement does support arrays (through a specific feature) but it will not work the way you've mentioned above, as it will always reference individual attribute values, and populating the specific attribute (user.$attribute) based on group membership is not currently a supported feature.

    You can look at https://support.okta.com/help/s/article/How-to-define-and-configure-a-custom-SAML-attribute-statement?language=en_US on how to set up a SAML attribute, but the requirement would be to have the user.$attribute populated for all users.

     

    If you have further questions I do recommend opening a Support Case so we can review your setup in detail for a better understanding of your use-case.

  • ypgfy (ypgfy)

    Hi Cosmin,

     

    I need to easily manage an array of integers for a group of users. E.g. I have 5 users that should have ids = [1, 2, 3], another three users having ids = [3, 4, 5] and if I change the first group ids to [2, 3, 4] -> this should apply to all users in this group. So whenever some of them log in, in the SAML assertion I get their ids.

     

    What I'm currently doing is -> I've defined a custom group attribute (projects_ids which is an array of integers). Then I populated this attribute with [1, 2, 3]. I added some users to this group and I'm trying to get the group project_ids attribute in the SAML assertion along with the user's first name, last name. The user's names are good but I cannot get the group attribute (project_ids).

This question is closed.
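
The support answer in this thread says the attribute statement only reads per-user values (user.$attribute), so the per-user project_ids has to be kept in step with the group definitions by some other process. The sketch below is an added example, not code from Okta or from either poster: it works on constructed in-memory data, calls no Okta API, and all group names, user ids and function names are hypothetical. It assumes a user in several groups should receive the union of their project_ids, and that a user removed from every group should be reset to an empty list so the assertion stops carrying stale ids.

```python
# Constructed sample data (hypothetical groups, users and values).
GROUP_PROJECT_IDS = {
    "team-a": [1, 2, 3],
    "team-b": [3, 4, 5],
}
GROUP_MEMBERS = {
    "team-a": ["u1", "u2"],
    "team-b": ["u2", "u3"],
}
# What each user's profile currently holds in its project_ids attribute.
CURRENT_USER_PROJECT_IDS = {
    "u1": [1, 2, 3],
    "u2": [1, 2, 3],  # stale: u2 was added to team-b later
    "u3": [3, 4, 5],
    "u4": [9],        # stale: u4 is no longer in any group
}


def desired_project_ids(group_ids, members):
    """Per user, the sorted union of project_ids over all their groups."""
    desired = {}
    for group, users in members.items():
        ids = group_ids.get(group, [])
        for user in users:
            desired.setdefault(user, set()).update(ids)
    return {user: sorted(ids) for user, ids in desired.items()}


def plan_updates(desired, current):
    """Return {user: new_list} for users whose stored value is out of date.

    A user with a stored value but no remaining group membership is
    planned as [] so old ids are not asserted after removal.
    """
    plan = {}
    for user in sorted(set(desired) | set(current)):
        want = desired.get(user, [])
        if sorted(current.get(user, [])) != want:
            plan[user] = want
    return plan


if __name__ == "__main__":
    wanted = desired_project_ids(GROUP_PROJECT_IDS, GROUP_MEMBERS)
    for user, ids in plan_updates(wanted, CURRENT_USER_PROJECT_IDS).items():
        print(f"{user}: set project_ids to {ids}")
```

The plan is what a provisioning job would then write into each user's profile; how that write is done is outside this example.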