Okta Classic Engine | Single Sign-On | Answered | 2025-02-13T08:54:22.000Z | 2025-02-09T05:48:10.000Z

RajaR.78546 (Customer) asked a question.

Group claims mapping from Azure AD as IDP and okta as SP

Hi All,

I am using Azure AD (SSO) as IdP for Okta as SP. The Azure team created a group claim attribute to share the membership details with Okta. As I am an Okta admin, we have no dedicated application inside Okta. Instead, we configured an Identity Provider using SAML 2.0 to integrate with Azure AD for SSO.

Here, how can I map the group claim into Okta (Azure Identity Provider SAML 2.0) during user SSO? I see only profile attribute mapping options between Okta and Azure. Beyond that, I didn't see anything else.

Please advise me on the ways to map the group claim into Okta.


  • Hi @RajaR.78546 (Customer), thank you for reaching out to the Okta Community!

    Please check out this article about How to Use the Optional JIT Setting Group Assignments with Azure IdP.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

    Hope my answer helps!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Selected as Best
    • RajaR.78546 (Customer)

      Hi @Mihai Negoita - Okta (Okta, Inc.)

      Thank you, this is what I am searching for. Today I have explored up to point no. 8 without any doubt. Here I have an Azure AD group claim attribute "groups" and I am able to get the group ID in the assertion response after user SSO. But on the Okta side, in the IdP configuration, when I set Create new user (JIT) as below:

      Okta SP:

      [Image: Okta JIT Group Assignment]

      Azure AD IDP:

      [Image: Azure AD Group claim setup]

      I am unable to get the group claim and the assignment to the created group after setting this up in Okta.

      Below is the SAML assertion response:

      <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
        <AttributeValue>131a2ca3-1b89-4365-9b1b-4df0e3d7becf</AttributeValue>
        <AttributeValue>3e30a8b2-e776-4816-a8b4-679df3152334</AttributeValue>
        <AttributeValue>af7ea8f5-7fbd-4bc7-b89c-b251c4db3284</AttributeValue>
        <AttributeValue>3acf5ff7-f36e-4fa0-ac9a-1b690fbc6b8b</AttributeValue>
        <AttributeValue>607f339b-7732-41f1-b562-5a6044c3adcb</AttributeValue>
      </Attribute>
This question is closed.
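
A check that can be run against a captured assertion like the one in the reply above, as an added example that is not part of the original thread and is not Okta's code: it looks up the group attribute by exact name and reports whether the values are object IDs and which of them equal a group name on the SP side. `SAMPLE`, `attribute_values`, `diagnose` and the SP group names are assumptions made for the example, as is the premise that the SP matches claim values against its own group names.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample: the attribute from the post, wrapped in the SAML
# AttributeStatement element it would sit in (two of the five values shown).
SAMPLE = f"""<AttributeStatement xmlns="{SAML_NS}">
  <Attribute Name="{GROUPS_CLAIM}">
    <AttributeValue>131a2ca3-1b89-4365-9b1b-4df0e3d7becf</AttributeValue>
    <AttributeValue>3e30a8b2-e776-4816-a8b4-679df3152334</AttributeValue>
  </Attribute>
</AttributeStatement>"""


def attribute_values(xml_text, name):
    """Return the values of the SAML attribute whose Name equals `name` exactly."""
    # Assertions are untrusted input: refuse DTDs so entity expansion is never parsed.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in an assertion")
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == name:  # exact, case-sensitive comparison
            values += [(v.text or "").strip()
                       for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
    return values


def diagnose(xml_text, configured_name, sp_group_names):
    """Report whether the configured attribute name and the SP group names line up."""
    values = attribute_values(xml_text, configured_name)
    return {
        "attribute_found": bool(values),
        "values_are_object_ids": bool(values) and all(GUID_RE.match(v) for v in values),
        "matched": sorted(set(values) & set(sp_group_names)),
        "unmatched": sorted(set(values) - set(sp_group_names)),
    }


if __name__ == "__main__":
    # Hypothetical SP-side group names: one display name, one object ID.
    sp_groups = {"Finance-Users", "3e30a8b2-e776-4816-a8b4-679df3152334"}
    print(diagnose(SAMPLE, "groups", sp_groups))      # short name: attribute not found
    print(diagnose(SAMPLE, GROUPS_CLAIM, sp_groups))  # full claim URI: one value matches
```
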