I have registered a web application using SAML-based authentication and successfully received the proper assertion. I then created three groups: Superuser Group, Translator User Group, and Manager Group, each with a custom attribute userRole having the enum values SUPERUSER, TRANSLATOR, and MANAGER respectively. Based on the group, I assigned a default value to the members of the group, e.g., members of the Superuser Group have a default userRole value of SUPERUSER, and so on.
I assigned all three groups to my application. Later, I added the attribute appuser.userRole in the SAML settings to access it in the assertion. However, when I clicked the button to check the assertion, I received the error: “Admin is not assigned to this app instance from Okta for group access.”
Thank you for reaching out here on the Okta Developer Forum. We noticed that your question is more closely related to SAML applications. To ensure you receive the most accurate and timely assistance, we recommend reposting your query on Okta’s Community at: Okta Help Center (Lightning)
Okta’s teams on the Community are better equipped to provide the comprehensive support and guidance you need as they have the specialised knowledge and expertise in SAML.
We appreciate your understanding and are committed to ensuring you receive the best possible support. If you have any other questions or issues related to Okta’s developer tools and APIs, feel free to post them here, and we’ll be happy to assist!