How to get AD groups in id_token?

Hello!

I am trying to get Active Directory groups in the id_token. How can I do this?

I already have Okta groups with claims in my application, but I need the AD groups.

Do I change the groups claims filter?

Thanks in advance!

In this post: Example of adding AD groups to groups claim in access token

They talk about getFilteredGroups. How do I use it?

1 Like

Here’s the documentation for getFilteredGroups: https://okta.github.io/reference/okta_expression_language/#getfilteredgroups-details

@john.gronberg may be able to help here too.

1 Like

We’ve also got a how-to guide here: https://developer.okta.com/docs/how-to/creating-token-with-groups-claim.html

@nate.barbettini FYI

1 Like

Thanks for your response.

My company doesn't have any authorization server in Okta.
My local admin can't create a custom authorization server; he doesn't have any menu for this in the admin website.

For the id_token I have to use this URL:

```
https://${okta.urlOrga}/oauth2/v1/authorize?
client_id=${okta.clientId}
&response_type=id_token
&nonce=1234567
&scope=openid email groups
&state=test
&redirect_uri=${window.location.href}
```

I have the API token to add claims, but I don't have the permission.

Can I get AD groups in the id_token without a custom authorization server?
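Editor's added example, not part of the thread and not Okta's code: the same authorize request built with a fresh random `state` and `nonce` per request, plus the matching check on the callback fragment before the groups are read. The function names, the sample host and the assumption that groups arrive in a claim named `groups` (matching the `groups` scope above) are illustrative.

```javascript
// Added example; all function names and sample values here are hypothetical.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Unpredictable per-request value for state and nonce (128 bits, hex).
function randomToken() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Same parameters as the URL in the post, with fresh state/nonce and proper encoding.
function buildAuthorizeUrl(orgHost, clientId, redirectUri) {
  const pending = { state: randomToken(), nonce: randomToken() };
  const query = new URLSearchParams({
    client_id: clientId,
    response_type: 'id_token',
    scope: 'openid email groups',
    redirect_uri: redirectUri,
    ...pending,
  });
  return { url: `https://${orgHost}/oauth2/v1/authorize?${query}`, pending };
}

// Decode the payload (middle) segment of a JWT. No signature check here:
// verify signature, iss, aud and exp before trusting any claim.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Check the callback fragment against the stored state/nonce, then return the groups.
function readCallback(fragment, pending) {
  const params = new URLSearchParams(fragment.replace(/^#/, ''));
  if (params.get('error')) throw new Error(`authorize error: ${params.get('error')}`);
  if (params.get('state') !== pending.state) throw new Error('state mismatch');
  const claims = decodePayload(params.get('id_token') ?? '');
  if (claims.nonce !== pending.nonce) throw new Error('nonce mismatch');
  // Assumption: groups are delivered in a claim named "groups".
  return Array.isArray(claims.groups) ? claims.groups : [];
}
```

The `pending` object has to survive the redirect (for example in `sessionStorage`) so the callback page can compare against it.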

No, sorry.

You need a custom authorization server to customize the claims returned in the token. That’s what a custom AS is for.

Yes, you can get the AD groups without having the custom authorization server and API access management license.
