Hi,
I’m new to Okta and I’m trying to figure out how to send group attributes in the access token.
My use case is that I want to be able to define a custom group attribute which is then set for every user who is assigned to the group.
For example, I define a custom group attribute entityIdentifier.
Then I create two groups: com1 and com2.
I set entityIdentifier of com1 to be 12345 and entityIdentifier of com2 to be 67890.
I have an SPA app created with both groups assigned.
I want a user assigned to group com1 to include entityIdentifier 12345 in the access token when that user logs on to the SPA app. And similarly a user assigned to group com2 to include entityIdentifier 67890 when that user logs on to the app.
I have tried creating a custom app attribute entityId.
But I can’t figure out how to map from the group attribute entityIdentifier to the app attribute entityId.
I’ve also tried creating a custom scope, entity, and a custom claim: entityId.
But, again, I can’t figure out what to enter in the claim value field.
The expression language page only seems to give options for including the names of groups, rather than other group attributes.
Can anyone suggest what I’m missing?
Thanks,
Jaimie