<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007k11SxCAIOkta Classic EngineSingle Sign-OnAnswered2022-06-24T16:34:36.000Z2022-06-23T15:13:00.000Z2022-06-24T16:34:36.000Z

AdamH.05926 (Customer) asked a question.

June 23, 2022 at 3:13 PM
Assign app profile field data via groups assigned to the application

I am trying to setup an application that has multiple roles for users. My plan was to setup multiple groups for each role and then assign them to the application.

 

Once assigned to the app each group is then going to set a Role1 field in the app profile for the user by pulling data from their Okta user profile as the data for that is based of a field that is different for each user.

 

For example if it were based on a users location field we have setup in their Okta profile I want the group to set the Role1 app profile fields using "user.location"

 

I tested this and it just appears to set their value to Role1 = user.location instead of pulling in the location number from their user profile.

 

Is there a better way to do this? We have in the past done this as part of the Saml assertion setup using Okta expression language to assign different values if the user meets certain If statements. Was hoping to avoid creating a long If statement to pull the data and just have it be generated by the group assignment.

  • 1 answer
  • 519 views

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @AdamH.05926 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    If we're talking about Okta verified apps from the catalogue (Okta Integrations Network) that are Provisioning enabled and have Schema discovery or simply support custom attributes, then you should able to go to your Okta Admin Dashboard→ Directory→ Profile Editor→ <app name here>→ Add Attribute (select type "Group" instead of "Personal"). 

     

    If we're talking about a custom SAML app set up with the Application Integration Wizard, the way to send custom attributes is through the "Additional Attribute Statements" side of things. Like you said, with a potentially "long IF statement" if there are a lot of groups involved. 

     

    SCIM Provisioning might be an option, but it entails a significant amount of development and deployment.  

    If you're interested in pursuing this avenue, here are some resources to help you get started:

    https://developer.okta.com/docs/concepts/scim/

    https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_SCIM.htm

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope it helps! 

    Expand Post
This question is closed.
Loading
Assign app profile field data via groups assigned to the application