How to get user's groups in the SAML assertion

YochaiG · November 3, 2019, 11:08am

How can I get the groups of the user in the SAML authn response?

dragos · November 4, 2019, 1:11am

You can get groups inside SAML assertions by going to General tab >> SAML Settings >> Edit >> Next and fill GROUP ATTRIBUTE STATEMENTS (OPTIONAL) section.

Here’s an example to retrieve Okta groups:

For AD or app groups, you would need to leverage one of the group functions available here that returns array.

YochaiG · November 4, 2019, 5:46am

Tnx, Dragos!

Unfortunately I cannot find the SAML Settings in Applications >> General tab. See the screen capture attached. Maybe I’m looking at the wrong place?

dragos · November 4, 2019, 5:51am

Hi @YochaiG

Thanks for providing the screenshot. It seems that the application was integrated through OIN. Can you please open a support ticket with us at support@okta.com in order to further review the integration?

The easiest solution would be to create a custom SAML app to connect to service provider and, in the SAML assertion, pass the groups.

Post		Replies	Views
Return Saml groups of a User SAML	6	3980	May 8, 2020
Need to pass a substring of Okta groups name on SAML assertion Questions	2	3525	August 12, 2021
Okta Group SAML assertion to Application Groups/ Roles SAML	2	3826	December 18, 2019
Getting the user and groups associated with a user OAuth/OIDC	2	5135	August 16, 2022
Get user's groups in OIN OIDC application Questions	2	2278	February 12, 2024

How to get user's groups in the SAML assertion

Related topics