Custom Auth Server Not Returning AD Groups In Token

ntalbot77 · May 31, 2023, 5:12pm

I have created a claim on a custom auth server entitled groups and used the info found at the link below to create the expression for both okta and active directory groups…When I preview the token, it only shows the Okta group “Everyone” and none of the numerous okta synced AD groups this user is in, hoping someone would have some insight on how to get the AD groups in the Token

https://support.okta.com/help/s/article/Can-we-retrieve-both-Active-Directory-and-Okta-groups-in-OpenID-Connect-claims?language=en_US&_ga=2.144090293.1206135238.1685469914-2002163869.1681849799&_gac=1.207824294.1682530598.EAIaIQobChMIvp6a7IrI_gIV_BXUAR3hxQt7EAAYASAAEgKMUPD_BwE

Sherry · May 31, 2023, 5:20pm

What’s the exact expression you’re using?

ntalbot77 · May 31, 2023, 5:23pm

I tried with both “APP_” and “” and neither works,

Arrays.isEmpty(Arrays.toCsvString(Groups.startsWith(“active_directory_bibfbc8”,“APP_”,100))) ? Groups.startsWith(“OKTA”,“”,100) : Arrays.flatten(Groups.startsWith(“OKTA”,“”,50),Groups.startsWith(“active_directory_bibfbc8”,“APP_”,50))

ntalbot77 · May 31, 2023, 5:37pm

I took the profile number out of the query, the “bibfbc8” and just use active_directory and its now working, thanks for reaching out

Post		Replies	Views
How to get AD groups in id_token? OAuth/OIDC	7	11535	November 26, 2018
AD user not showing any AD groups? OAuth/OIDC	5	7743	November 20, 2018
Can't make access token show groups claim Questions	4	3424	October 7, 2020
Adding Active Directory Group Name Membership in ID Token Questions	2	6089	July 3, 2018
How to get AD groups using OIDC with "groups" scope and Regex ".*" groups filter OAuth/OIDC	6	7683	January 13, 2024

Custom Auth Server Not Returning AD Groups In Token

Related topics