<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007KAPnpCAHOkta Classic EngineAuthenticationAnswered2023-03-21T04:38:28.000Z2021-12-09T19:34:02.000Z2021-12-10T17:42:07.000Z

TylerC.76272 (Customer) asked a question.

December 9, 2021 at 7:34 PM
Okta expression to filter certain strings from an array

Hello there. I've been following the documents on okta's expression language here:

 

My company has a setup in which we have one okta tenant connected to our Active Directory , HubTenant (to pull over groups), then that tenant is connected to our production customer tenant, AppTenant (serving as a host for our customer's Identity Providers and our application registrations). We're saving all of the groups, customer and internal company members, on a Directory Profile attribute called "roles". This attribute is a String Array. This attribute get's populated as intended after authenticating.

 

We're using OIDC to authenticate our customer's with our applications, so we have many authorization servers setup in the AppTenant, each customer getting their own auth endpoint. We're customizing the claims on each of these endpoints as well, including expressing the mentioned "roles" attribute as a "roles" claim on the access tokens.

 

The expression I have for this is as follows (user.roles != null) ? Arrays.flatten(Groups.startsWith("OKTA","",25), user.roles) : Groups.startsWith("OKTA","",25)

 

While this works really well in expressing every group the user is a part of in okta, as well as their "roles" directory profile attribute, we have a business need to limit the groups on our internal company members to just the ones they need for the customer, depending on which authorization server they used. We thought we could do this with an expression to filter the "roles" array on a custom claim. The group names in this string array follow a concise naming convention of "<client-code> <group name>", and we have a need to filter all string values in this array matching a certain client code.

 

I initially thought that filtering an Array would be simple, but I haven't been able to find a way to do it with the available documentation. Is there a way I could filter a String Array according to a certain string value?

 

  • 1 answer
  • 2.03K views
This question is closed.
Loading
Okta expression to filter certain strings from an array