Custom Auth Server Not Returning AD Groups In Token

I have created a claim on a custom auth server entitled groups and used the info found at the link below to create the expression for both Okta and Active Directory groups. When I preview the token, it only shows the Okta group “Everyone” and none of the numerous Okta-synced AD groups this user is in. Hoping someone would have some insight on how to get the AD groups in the token.

https://support.okta.com/help/s/article/Can-we-retrieve-both-Active-Directory-and-Okta-groups-in-OpenID-Connect-claims?language=en_US&_ga=2.144090293.1206135238.1685469914-2002163869.1681849799&_gac=1.207824294.1682530598.EAIaIQobChMIvp6a7IrI_gIV_BXUAR3hxQt7EAAYASAAEgKMUPD_BwE

What’s the exact expression you’re using?

I tried with both “APP_” and “” and neither works:

Arrays.isEmpty(Arrays.toCsvString(Groups.startsWith("active_directory_bibfbc8","APP_",100))) ? Groups.startsWith("OKTA","",100) : Arrays.flatten(Groups.startsWith("OKTA","",50),Groups.startsWith("active_directory_bibfbc8","APP_",50))

I took the profile number out of the query, the “bibfbc8”, and just use active_directory, and it's now working. Thanks for reaching out.

2 Likes
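An added example, not part of the original thread and not Okta's code: a simplified Python model of the ternary expression above, showing why a non-matching app name silently produces a token with only the Okta groups instead of an error. The function names and sample memberships are constructed, and the model assumes that a lookup against an app name matching no group source returns an empty list, which is consistent with what the poster observed.

```python
# Simplified model of the claim expression from this thread
# (constructed example, not Okta's implementation).

# Constructed sample memberships for one user, keyed by group source.
MEMBERSHIPS = {
    "OKTA": ["Everyone"],
    "active_directory": ["APP_Finance", "APP_VPN", "Domain Users"],
}


def groups_starts_with(memberships, app, prefix, limit):
    """Model of Groups.startsWith: names from `app` that begin with `prefix`.

    Assumption: an app name that matches no group source yields an empty list.
    """
    names = memberships.get(app, [])
    return [n for n in names if n.startswith(prefix)][:limit]


def groups_claim(memberships, ad_app, ad_prefix):
    """Model of the ternary: Okta groups only when no AD group matched."""
    if not groups_starts_with(memberships, ad_app, ad_prefix, 100):
        return groups_starts_with(memberships, "OKTA", "", 100)
    return (groups_starts_with(memberships, "OKTA", "", 50)
            + groups_starts_with(memberships, ad_app, ad_prefix, 50))


def missing_groups(claim, expected):
    """Groups an authorization check expects but the token does not carry."""
    return sorted(set(expected) - set(claim))


if __name__ == "__main__":
    expected = ["APP_Finance", "APP_VPN"]  # constructed expectation
    for ad_app in ("active_directory_bibfbc8", "active_directory"):
        claim = groups_claim(MEMBERSHIPS, ad_app, "APP_")
        print(ad_app, "->", claim, "missing:", missing_groups(claim, expected))
```

Because the fallback branch hides the empty AD lookup, comparing the previewed token's groups against a short list of groups the user is known to hold catches this misconfiguration before a resource server starts denying access.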