Okta Classic Engine | Single Sign-On | Answered | 2024-10-23T14:09:47.000Z | 2024-10-31T22:09:04.000Z
Filter groups associated with the user in SAML

When testing the SAML assertion, if we use the ".*" on the Group Attribute Statements, the SAML assertion will contain EVERY group the user is assigned to.

But I wanted to filter and return only when:

the user is assigned to the group AND the app is also assigned to the group.

In other IdPs, like Azure, we have an option like:

"Which groups associated with the user should be returned in the claim" with one option being: "Groups assigned to the Application"

Is there a way to only return the groups which are associated to both the user and the app?

Thanks in advance


  • Hi @User17296921910373431306 (Customer), thank you for reaching out to the Okta Community!

    This is not supported. The SAML app Group Attribute Statements always reference the user.

    In essence, it means "pass any group that is assigned to the user AND matches the following restrictions StartsWith/Contains/Equals/Regex".

    You can suggest a feature enhancement on the Okta Community page by going to the Community Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented.

    More details here.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

    Hope my answer helps!
    Selected as Best
  • And the filter is only based on group name, correct? Can we apply restrictions based on other group fields from the group profile?

    Thanks

This question is closed.
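
The following is an added example, not part of the original thread and not Okta code: a model of the filter semantics described in the answer, plus a check of a test assertion against the groups assigned to the app. The assertion, the attribute name `groups`, all group names, and the full-match treatment of Regex are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement of a test assertion produced with
# the ".*" filter. Unsigned; for offline review of a test assertion only.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Everyone</saml:AttributeValue>
      <saml:AttributeValue>app-crm-users</saml:AttributeValue>
      <saml:AttributeValue>app-crm-admins</saml:AttributeValue>
      <saml:AttributeValue>finance-payroll</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def released_groups(assertion_xml, attr_name="groups"):
    """Return the group values carried in the named SAML attribute."""
    root = ET.fromstring(assertion_xml)
    xpath = f".//saml:Attribute[@Name='{attr_name}']/saml:AttributeValue"
    return [(v.text or "").strip() for v in root.findall(xpath, SAML_NS)]

def group_filter(user_groups, mode, value):
    """Model of the filter as the answer describes it: only the user's
    groups are candidates; app assignment is never consulted."""
    tests = {
        "StartsWith": lambda g: g.startswith(value),
        "Contains": lambda g: value in g,
        "Equals": lambda g: g == value,
        "Regex": lambda g: re.fullmatch(value, g) is not None,  # assumed full match
    }
    return [g for g in user_groups if tests[mode](g)]

def over_released(released, app_groups):
    """Groups sent to the service provider that are not assigned to the app."""
    return sorted(set(released) - set(app_groups))

if __name__ == "__main__":
    app_groups = {"app-crm-users", "app-crm-ops"}  # constructed app assignments
    sent = released_groups(SAMPLE_ASSERTION)
    print("released:", sent)
    print("not assigned to app:", over_released(sent, app_groups))
    narrowed = group_filter(sent, "StartsWith", "app-crm-")
    print("prefix filter still over-releases:", over_released(narrowed, app_groups))
```

A name-based filter narrows the release only as far as the naming convention separates groups: here the `app-crm-` prefix still passes `app-crm-admins`, which the app is not assigned to.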