RajeshD.00986 (Customer) asked a question.
Hi ,
I have a requirement where i need to send some application object data from okta as part of saml response.
Is there a way to achieve this ?
As of now we are sending the attributes of a profile(user) which is integrated with ActiveDirectory.
But along with the user profile , we need to send some application data of the user while sending the saml response.
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
Sure! So assuming that these attributes are part of the user profile, this is totally possible. If they are not, you may need to create those attributes and/or import them from the AD Schema for mapping as well.
Assuming that is done, you can go into the SAML application that needs these assertions and you can plug them in under General > SAML Settings > Attribute statements.
From here, you can add in the name of the attribute and the value (i.e. user.email for instance) along with name format.
A good link to this can be found here: How to define and configure a custom SAML attribute statement
Testing is also much easier when using the SAML Tracer browser plugin that can be found here as well: SAML Tracer
Please let me know if you have any questions on any of this. Thanks much!!
Thanks for responding @DonF.81354 (Customer)
These attributes we cant expect from AD schema , its related to an Application data where they want to send as request parameters to okta and then expecting okta should send it as an additional attribute in saml response.
we cannot add them to the AD schema as this will impact to other applications.
Let us know if there are any options.
Sure! What attribute are you attempting to send? When I involve AD in the above recommendation, I only say that to get the data into Okta in the first place, assuming this data is originating in AD. If that data is originating in Okta, or is already in the Okta user's profile, then we can ignore that step.
If the data is available, you can follow the above link and configure to send the attribute of your choice to the SAML app in question. Let me know if you have any further questions - thanks!