Currently, our TestCo Okta is able to pass ‘testrole’ with one of a few different values, e.g. ‘admin’ or ‘user.’ If a user has multiple ‘testrole’ attributes (based on group membership) then Okta has a precedence order that determines which one ‘testrole’ value it will return.
We need to be able to handle passing a list of roles from IdP to Cognito to our API. For example, a string of ‘admin, user, readonly, section-admin’. So adding a claim inside the ‘authorized servers’ --> default won’t work for us.
Hi Govner, I’m an absolute beginner at Okta and got handed resolving this issue by our tech lead. I’m sorry for my ignorance, but where would I apply that? And will it get all the roles from whatever groups the user may be in and pass them as a list in the SAML?