Get authorization (roles, permissions) okta after authentication with OKTA saml

I have a web application that works as a SAML service provider using Okta as the identity provider. MFA active, and the authentication process working, now I need to obtain the roles and permissions configured in okta for the app, but I have found that I must create a saml assertion for this, that is not compatible with the previous configuration that I have of the authentication?