User16823672530571559379 (Customer) asked a question.
How To pass Only the AD groups that the user is member of in SAML assertion.
Consider the okta tenant with both okta groups and Connected AD groups available. In saml application we need to send only AD groups (that the user is member of ) in SAML assertion. We can't use the expression Matches Regex .* because it passes both okta and AD groups in assertion. can anyone please provide us with the expression that can be used to send only AD groups.
Hello @User16823672530571559379 (Customer) Thank you for reacting out to our Community!
Please see below this article that should provide the required info:
https://support.okta.com/help/s/article/How-to-pass-a-group-name-with-a-prefix-in-the-SAML-assertion?language=en_US
Community members help others by clicking Like or Select as Best on responses. Try it today.
Follow us at OktaSupport