Of course. The first link in the provided answer walks you through setting up `groups` or a custom scope with Okta via the API. If you’d like to use the UI to set this up:
Note: This requires the Classic UI. You can toggle the view by looking for the gear icon on the upper left of your admin view.
- Navigate over to your app in Okta
- Click on the Sign On tab
- Under OpenID Connect ID Token, click on Edit
- Change the Group claim filter to Regex with the value `.*`
This will allow User groups to be returned when the `groups` scope is requested during authorization.
For adding custom scopes, you can use the Developer Console.
- Navigate to API > Authorization Servers
- Click on the Scopes tab
- Select Add Scope
Similar to groups, you need to request this custom scope during authorization for it to appear in the tokens.
For adding custom claims:
- Navigate to API > Authorization Servers
- Click on the Claims tab
- Select Add Claim
- Choose a Name for your custom claim, then map it using the Okta Expression Language.
- Ex: `appuser.username`
Does that make sense?
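
To check the result of the steps above, the following added example (not part of the original reply and not Okta's own code) builds an authorization request that lists the scopes and then inspects an ID token payload for the claims those scopes should produce. The endpoint URL, client ID, the `reports` scope, the `app_username` claim name and both sample tokens are constructed placeholders; take the real authorization endpoint from your authorization server's metadata.

```python
import base64
import json
from urllib.parse import urlencode

def build_authorize_url(authorize_endpoint, client_id, redirect_uri, scopes, state, nonce):
    """Authorization-code request; a scope-bound claim only appears if its scope is listed."""
    params = {"client_id": client_id, "response_type": "code", "scope": " ".join(scopes),
              "redirect_uri": redirect_uri, "state": state, "nonce": nonce}
    return authorize_endpoint + "?" + urlencode(params)

def decode_payload_unverified(jwt):
    """Decode a JWT payload for inspection only. The signature is NOT checked here."""
    segment = jwt.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore the stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def missing_claims(requested_scopes, claims, scope_to_claim):
    """Claims expected from the requested scopes that the token does not carry."""
    return sorted(claim for scope, claim in scope_to_claim.items()
                  if scope in requested_scopes and claim not in claims)

def make_sample_token(claims):
    """Constructed, unsigned token used only as sample input for this example."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# "groups" comes from the post; the "reports" scope and "app_username" claim are hypothetical.
SCOPE_TO_CLAIM = {"groups": "groups", "reports": "app_username"}
SCOPES = ["openid", "groups", "reports"]

URL = build_authorize_url("https://idp.example.com/authorize",   # placeholder endpoint
                          "CLIENT_ID_PLACEHOLDER", "https://app.example.com/callback",
                          SCOPES, state="constructed-state", nonce="constructed-nonce")

# Token as it should look once the group filter and the custom claim are configured.
CONFIGURED = make_sample_token({"sub": "00u_constructed", "groups": ["Everyone", "Admins"],
                                "app_username": "jdoe"})
# Token issued before the configuration was saved: the scope-bound claims are absent.
UNCONFIGURED = make_sample_token({"sub": "00u_constructed"})

if __name__ == "__main__":
    print(URL)
    for name, token in (("configured", CONFIGURED), ("unconfigured", UNCONFIGURED)):
        claims = decode_payload_unverified(token)
        print(name, "missing:", missing_claims(SCOPES, claims, SCOPE_TO_CLAIM))
```

Use the unverified decode only to debug claim configuration; an application must validate the token signature, issuer, audience and nonce before trusting `groups` for authorization decisions.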