Hey All,

I am trying to setup SAML for accessing SPIE digital library and the technical team on their end is asking for the below:

Regarding your question about the eduPersonScopedAffiliation attribute:

Yes, we do require that your identity provider must send us this attribute, and this is true even for non-academic organizations. Authorization to our service relies on the claim(s) based on this attribute. The SAML name of eduPersonScopedAffiliation attribute is the following urn:oid:1.3.6.1.4.1.5923.1.1.1.9. This is something that should be possible to set up within your Identity Provider. Can you perhaps inquire with Okta about this and see what they say?

(For our current non-academic customers who use Single Sign-on, we typically see that they provide this attribute simply in the form of their domain name, so I’m guessing that for your organization, we would use the attribute “rebelliondefense.com,” but that is just a guess.)

Does anyone know where this attribute is within Okta? I've never heard of it and most likely would assume that them using our domain would work, but wanted to be sure in case someone else here had come across the same thing.

Thank you!