Okta Classic Engine, Single Sign-On, Answered, 2024-03-06T16:10:28.000Z, 2024-03-11T22:58:45.000Z
Return LDAP groups in SAML Assertion

I am setting up SSO through SAML. An LDAP server is connected to Okta. I will need access to the LDAP groups of the authenticated user. I previously set up OAuth and was able to achieve this by adding the 'groups' scope to the authorization server.

I found this link (https://help.okta.com/en-us/content/topics/apps/apps_mapping_ad_ldap_and_workday_values.htm) but I don't see the yellow box with "View Setup Instructions." How can I return LDAP groups with SAML assertion?


  • Mihai N. (Okta, Inc.)

    Hi @User17056847738629796440 (Customer), thank you for reaching out to the Okta Community!

    As the article mentions, the Template SAML 2.0 app has been deprecated, so you will need to use the App Integration Wizard for a custom SAML app.

    As for the “View setup instructions” option, the screenshot in the article is outdated. The UI has changed a bit since then. Please check the screenshot below, the option is now on the side.  

    I also recommend reviewing the following article: 

    https://support.okta.com/help/s/article/How-to-pass-a-user-s-group-membership-in-a-SAML-Assertion-from-Okta

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    Selected as Best
  • Thank you for the reply. The article you posted does not say anything about LDAP, which makes me think it's focused on retrieving groups defined in Okta. Is that correct? I want to retrieve LDAP groups.

    • Mihai N. (Okta, Inc.)

      As long as the LDAP group memberships have been imported into Okta, they’ll be passed via the SAML assertion once configured.  

      I’ve done this with AD groups in the past. I don’t have an LDAP integration to test with, but the principles apply the same way.  

       

       

       

      Regards.

This question is closed.
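
What the service provider receives once group memberships are passed in the assertion, shown as an added example that is not part of the original thread or Okta's own code. The attribute name `groups`, the group names and the role mapping are constructed assumptions (the real name is whatever the SAML app's group attribute statement is configured to send), and the code assumes the assertion's signature and conditions were already validated by the SP's SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an already-validated assertion fragment.
# Attribute name "groups" and the group values are assumptions.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xs="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue xsi:type="xs:string">user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue xsi:type="xs:string">ldap-engineering</saml:AttributeValue>
      <saml:AttributeValue xsi:type="xs:string"> ldap-vpn-users </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_groups(assertion_xml, attr_name="groups"):
    """Return de-duplicated values of the multi-valued group attribute."""
    # SAML messages never need a DTD; refusing one blocks entity tricks.
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(assertion_xml)
    groups = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != attr_name:
            continue
        # Each group arrives as its own AttributeValue element.
        for value in attr.iterfind("saml:AttributeValue", NS):
            text = (value.text or "").strip()
            if text and text not in groups:
                groups.append(text)
    return groups


def roles_for(groups, mapping):
    """Map group names to app roles; unmapped groups grant nothing."""
    return sorted({mapping[g] for g in groups if g in mapping})
```

If `extract_groups` returns an empty list for a user who is in LDAP groups, the memberships were either not imported into Okta or the attribute name sent does not match the one the SP looks up.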