How to get AD groups in id_token?

Hello !

I try to get active directory groups in the id_token. How to do this ?

I have already okta groups with claims in my application but i need the ad groups.

Do i change the groups claims filter ?

Thanks in advance !

In this post : Example of adding AD groups to groups claim in access token

They talk about getFilteredGroups, how use it ?

1 Like

Here’s the documentation for getFilteredGroups:

@john.gronberg may be able to help here too.

1 Like

We’ve also got a how-to guide here:

@nate.barbettini FYI

1 Like

Thx for your response.

My company don’t have any authorization server in OKTA.
My local admin can’t create a custom authorization server, he don’t have any menu for this in the admin website.

For the id_token i have to use this url : https://${okta.urlOrga}/oauth2/v1/authorize?
&scope=openid email groups

I have the api token to add claims but i don’t have the permission.

Can i have get ad groups in the id_token without a custum authorization server ?

No, sorry.

You need a custom authorization server to customize the claims returned in the token. That’s what a custom AS is for.

Yes you can get the AD groups without having the custom authorization server and API access management license.