Define attribute statements

In the Attribute Statements (optional) section of the Create SAML Integration page, do the following:

  1. Enter a Name for the attribute. Your application uses this name to reference this attribute. The maximum length for this field is 512 characters. The name must be unique across all user and group attribute statements.
  2. Select a Name Format. This is the format that the Name attribute is provided to your application.
    • Unspecified: This can be any format defined by the Okta profile. Your application must be able to interpret this format.
    • URI Reference: The name is provided as a Uniform Resource Identifier string.
    • Basic: A simple string. This is the default format.
  3. Enter a Value for the attribute defined by the Name element. Admins can create custom expressions (using Okta Expression Language) to reference values in the Okta user profile. The maximum length for this field is 1024 characters.
  4. Optional. Click Add Another to add a statement row, and then repeat steps 1–3 to define an attribute statement.

After you add your attribute statements and create your SAML integration, you need to update the profile using the Profile Editor.

The Dynamic SAML feature enables apps in the Okta Integration Network to process SAML attribute statements. Previously, the attribute statements were only available for apps created using the App Integration Wizard. This feature doesn't change how you enter attribute statements in Okta Expression Language, or how the statements are processed.

Update profile with attribute statements

  1. In the Admin Console, go to DirectoryProfile Editor.
  2. Find the integration that you created and click its name in the Profile column.
  3. Click Add Attribute.
  4. Complete the form with appropriate values for the attribute. Click Save to continue or Save and Add Another to create another attribute.
  5. In the Admin Console, go to ApplicationsApplications. Click the app name.
  6. Click the General tab. Then click Edit in the SAML Settings section.
  7. Click Next.
  8. In the Attribute Statements (Optional) section, enter the name of the attribute you created in step 3. This doesn't automatically populate the value dropdown box. For the Value, enter appuser, a period, and the attribute name. For example, if your attribute is named NewRole, enter the value appuser.NewRole.
  9. Click Next, and then click Finish.
  10. On the Applications page, click the integration name, and then click the Assignments tab. Click Assign, and then select Assign to Groups. Assign the app to a group by clicking Assign to the right of the group. You can verify these assignments with a SAML tracer.
  11. Click Done.

Related topics

Application Integration Wizard SAML field reference

Create SAML app integrations