Including custom group attributes in a claim

Hi,
I’m new to Okta and I’m trying to figure out how to send group attributes in the access token.
My use case is that I want to be able to define a custom group attribute which is then set for every user who is assigned to the group.

For example, I define a custom group attribute entityIdentifier.
Then I create two groups: com1 and com2.
I set entityIdentifier of com1 to be 12345 and entityIdentifier of com2 to be 67890.
I have an SPA app created with both groups assigned.
I want a user assigned to group com1 to include entityIdentifier 12345 in the access token when that user logs on to the SPA app. And similarly a user assigned to group com2 to include entityIdentifier 67890 when that user logs on to the app.

I have tried creating a custom app attribute entityId.
But I can’t figure out how to map from the group attribute entityIdentifier to the app attribute entityId.

I’ve also tried creating a custom scope, entity, and a custom claim: entityId.
But, again, I can’t figure out what to enter in the claim value field.
The expression language page only seems to give options for including the names of groups, rather than other group attributes.

Can anyone suggest what I’m missing?
Thanks,
Jaimie

Groups functions, used to create your groups claim, can only match against the group name or a list of group ids, not group attributes.

Something you could look into doing to get the needed groups in your tokens would be Token Inline Hooks, where Okta will make a synchronous request to the endpoint you specify and that endpoint will return a list of commands for how the token should be altered before it is issued. Your endpoint could then have its own logic to determine which groups should be included in a token claim and then insert that claim into the token.
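The hook logic suggested in the reply above, sketched as an added example that is not part of the original thread or Okta's own code: a framework-independent handler that checks the hook's shared-secret header, resolves the user's entityIdentifier, and returns a `com.okta.access.patch` command adding the entityId claim. `GROUP_PROFILES`, `USER_GROUPS`, `HOOK_SECRET` and the user ids are constructed stand-ins for data a real service would fetch from the Okta Groups API and its own configuration.

```python
import hmac

# Constructed sample data (hypothetical store): group profile attributes and
# memberships that a real service would look up via the Okta Groups API.
GROUP_PROFILES = {
    "com1": {"entityIdentifier": "12345"},
    "com2": {"entityIdentifier": "67890"},
}
USER_GROUPS = {"00u_alice": ["com1"], "00u_bob": ["com2"], "00u_eve": ["com1", "com2"]}

# Constructed value: the secret configured as the hook's authentication header.
HOOK_SECRET = "constructed-shared-secret"


def authorized(auth_header):
    """Constant-time comparison of the secret Okta sends with each hook call."""
    return hmac.compare_digest((auth_header or "").encode(), HOOK_SECRET.encode())


def handle_token_hook(auth_header, payload):
    """Return (http_status, json_body_or_None) for a token inline hook request."""
    if not authorized(auth_header):
        return 401, None
    try:
        user_id = payload["data"]["context"]["user"]["id"]
    except (KeyError, TypeError):
        return 204, None  # no user context in the request: leave the token unchanged
    entity_ids = {
        GROUP_PROFILES[name]["entityIdentifier"]
        for name in USER_GROUPS.get(user_id, [])
        if "entityIdentifier" in GROUP_PROFILES.get(name, {})
    }
    # Exactly one entity must resolve. With zero or several, issue the token
    # without the claim instead of guessing which entity the user belongs to.
    if len(entity_ids) != 1:
        return 204, None
    patch = {"op": "add", "path": "/claims/entityId", "value": entity_ids.pop()}
    return 200, {"commands": [{"type": "com.okta.access.patch", "value": [patch]}]}
```

The API consuming the access token should treat a missing entityId claim as "no entity access", since the handler omits the claim whenever membership is ambiguous.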
