Group claims from Okta (SAML)

Owned by Audun Røe (Unlicensed)
Last updated: Aug 06, 2020 by Steinar Line
1 min read

To send group claims from Okta, you should go into your app configurations and edit the SAML settings. The screenshot shows an example of such an app, called issues.example.com. You find the SAML settings under the general tab.

In the SAML settings you should locate GROUP ATTRIBUTE STATEMENTS (OPTIONAL), and here you can add statements with NAME "http://schemas.xmlsoap.org/claims/Group". 

Okta allows you to customize and filter which groups to include in the SAML messages, and you have the option to write STARTS_WITH, EQUALS and REGEX filters. The screenshot below shows you you can specify a regular expression that includes all group names containing "jira".



If you save these settings, Okta will include assertions like the following in SAML responses:

<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jira-software-users</saml2:AttributeValue>

 

You may now configure Managed Groups in Kantega SSO.