Return LDAP groups in SAML Assertion

User17056847738629796440 (Customer) asked a question.

March 6, 2024 at 4:10 PM

I am setting up SSO through SAML. An LDAP server is connected to okta. I will need access to the LDAP groups of the authenticated user. I previously set up OAuth and was able to achieve this by adding the 'groups' scope to the authorization server.

I found this link (https://help.okta.com/en-us/content/topics/apps/apps_mapping_ad_ldap_and_workday_values.htm) but I don't see the yellow box with "View Setup Instructions." How can I return LDAP groups with SAML assertion?

Single Sign-On

Top Rated Answers

Mihai Negoita - Okta (Okta, Inc.)
2 years ago
Hi @User17056847738629796440 (Customer) , Thank you for reaching out to the Okta Community!

As the article mentions, the Template SAML 2.0 app has been deprecated, so will need to use the App Integration Wizard for a custom SAML app.
As for the “View setup instructions” option, the screenshot in the article is outdated. The UI has changed a bit since then. Please check the screenshot below, the option is now on the side.

I also recommend reviewing the following article:
https://support.okta.com/help/s/article/How-to-pass-a-user-s-group-membership-in-a-SAML-Assertion-from-Okta

If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

Hope my answer helps!

--------------------------------
Ask the Experts: Okta Device Access Product Team Now Thru 3/22
Expand Post
Selected as Best

All Answers

Mihai Negoita - Okta (Okta, Inc.)
2 years ago
Hi @User17056847738629796440 (Customer) , Thank you for reaching out to the Okta Community!

As the article mentions, the Template SAML 2.0 app has been deprecated, so will need to use the App Integration Wizard for a custom SAML app.
As for the “View setup instructions” option, the screenshot in the article is outdated. The UI has changed a bit since then. Please check the screenshot below, the option is now on the side.

I also recommend reviewing the following article:
https://support.okta.com/help/s/article/How-to-pass-a-user-s-group-membership-in-a-SAML-Assertion-from-Okta

If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

Hope my answer helps!

--------------------------------
Ask the Experts: Okta Device Access Product Team Now Thru 3/22
Expand Post
Selected as Best
User17056847738629796440 (Customer)
2 years ago
Thank you for the reply. The article you posted does not say anything about LDAP which makes me think it's focused on retrieving groups defined in okta. Is that correct? I want to retrieve LDAP groups.
Expand Post
- Mihai Negoita - Okta (Okta, Inc.)
  2 years ago
  As long as the LDAP group memberships have been imported into Okta, they’ll be passed via the SAML assertion once configured.
  I’ve done this with AD groups in the past. I don’t have an LDAP integration to test with, but the principles apply the same way.
  
  Regards.
  --------------------------------
  Ask the Experts: Okta Device Access Product Team Now Thru 3/22
  Expand Post

This question is closed.

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies