BrianC.37067 (Service Corporation International) asked a question.
I need to generate some additional attributes to be passed in the attestation. The easiest way I can think of to do this is based on the user's group membership. I have several of these attributes to create, and for the first one (role) is it very straight forward, because the user can only have one role and there are only a few roles available.
Name: role
Value: isMemberOfGroupName("APP-ROLE-ADMIN") ? "admin" : isMemberOfGroupName("APP-ROLE-MEMBER") ? "member" : isMemberOfGroupName("APP-ROLE-REPORTS") ? "reporting" : "read-only"
But for the others, there can be combinations of items. In the next most complicated attribute, a user could have one to three different options.
Name: licenceType
Value: String.join(",", (isMemberOfGroupName("APP-LIC-TYPE1") ? "lic1" : ""), (isMemberOfGroupName("APP-LIC-TYPE2") ? "lic2" : ""), (isMemberOfGroupName("APP-LIC-TYPE3") ? "lic3" : ""))
I would have thought that this expression would create a comma seperated list, if the user were in any of the groups. For example, if the user were in APP-LIC-TYPE1 and APP-LIC-TYPE3, then the string would be "lic1,lic3", but instead there is no value produced. How might I be able to do this?
The last option is very complicated and I am not sure it is doable. I would like to see if someone can help me figure out the second attribute first. That answer may enlighten me on how I could accomplish this last attribute.
can you name the group with same end as license type, then you can substring from the group and get the license type.
Hi @BrianC.37067 (Service Corporation International) , Thank you for reaching out to the Okta Community!
Unfortunately I'm not seeing any Okta Expression Language function that would help with this use case.
I ran a test with the below expression and it seems to work if the user is part of all groups, but the problem comes up when the user is not part of the one or more of those groups. The output would end up being something like ",lic2,lic3" or "lic1,,lic3" and so on. I don't think the downstream app would be able to digest the information this way.
String.join(",", (isMemberOfGroupName("APP-LIC-TYPE1") ? "lic1" : null), (isMemberOfGroupName("APP-LIC-TYPE2") ? "lic2" : null), (isMemberOfGroupName("APP-LIC-TYPE3") ? "lic3" : null))
I was thinking of maybe adding a String.replace in there somewhere but we can't account for all variables that might come up and it only gets more complex if you start dealing with more than 3 groups.
That being said, we'll leave this Question open for the Community, in case someone came up with something better.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
Join us for the Okta Workflows Ask Me Anything (AMA) on Oct 26. Submit your questions today.
I think this is what you want. I tested it out with my own sets of groups and got back comma separated list that contains no double/extra commas and removes the trailing comma and will return "" when no matches.
String.substring(String.join((isMemberOfGroupName("APP-LIC-TYPE1") ? "lic1," : null), (isMemberOfGroupName("APP-LIC-TYPE2") ? "lic2," : null), (isMemberOfGroupName("APP-LIC-TYPE3") ? "lic3," : null)),0,String.len(String.join((isMemberOfGroupName("APP-LIC-TYPE1") ? "lic1," : null), (isMemberOfGroupName("APP-LIC-TYPE2") ? "lic2," : null), (isMemberOfGroupName("APP-LIC-TYPE3") ? "lic3," : null)))-1)