How to get user's groups in the SAML assertion

How can I get the groups of the user in the SAML authn response?

Hi @YochaiG

You can get groups inside SAML assertions by going to General tab >> SAML Settings >> Edit >> Next and fill GROUP ATTRIBUTE STATEMENTS (OPTIONAL) section.

Here’s an example to retrieve Okta groups:

image

For AD or app groups, you would need to leverage one of the group functions available here that returns array.

Tnx, Dragos!

Unfortunately I cannot find the SAML Settings in Applications >> General tab. See the screen capture attached. Maybe I’m looking at the wrong place?

Hi @YochaiG

Thanks for providing the screenshot. It seems that the application was integrated through OIN. Can you please open a support ticket with us at support@okta.com in order to further review the integration?

The easiest solution would be to create a custom SAML app to connect to service provider and, in the SAML assertion, pass the groups.