AntoineD.34712 (Customer) asked a question.
Group Mapping between IDP values and Okta groups names
Hi !
I would like to know if there is currently any possibilities to map the group name value received from the IDP towards a different Okta group name, and have some kind of a group correspondance table.
Let's says we have a group A and a group B from the insurer IDP, and we want to map them to a group A' and B' of an application like A<->A' and B<->B'.
It seems that for now A and A' need to have the same group_name so that group_sync can sync them...
I was looking at : https://support.okta.com/help/s/article/How-To-Use-the-Optional-JIT-Setting-Group-Assignments-With-Azure-IdP?language=en_US
Would that be a feature request to get control over the group mapping ? (at least for Azure)
Hi @AntoineD.34712 (Customer) , Thank you for reaching out to the Okta Community!
Currently there is no out-of-the-box implementation to map the groups and as you can see in the article, the naming convention for the groups is not ideal.
That being said, you can look into implementing additional Okta Groups and match memberships by using the Group Rules feature.
A similar implementation was discussed in this older post:
https://support.okta.com/help/s/question/0D54z00008YhQvCCAV/how-to-map-custom-group-names-from-identity-provider-to-oktas-group?language=en_US
In the meantime, you can suggest a Feature Enhancement on the Okta Community page by going to the Community→ Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented.
More details here.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
Ask the Experts: Okta Device Access Product Team Now Thru 3/22