Define group attribute statements
This is now considered the legacy configuration. If you want to update your existing legacy group attribute statements, and do not want to migrate them to the new claims management feature, follow the steps in this topic. Otherwise, see Configure custom claims for app integrations.
To define group attribute statements using the legacy configuration:
- Click to open a SAML app.
- Select the Sign On tab.
- In the Attributes Statements section, expand Show legacy configuration.
- Click Edit.
- Enter a Name for the group attribute in your SAML app.
- Select a Name format. This is the format in which the Name attribute is provided to your app.
  - Unspecified: This can be any format defined by the Okta profile. Your app must be able to interpret this format.
  - URI Reference: The name is provided as a Uniform Resource Identifier string.
  - Basic: A simple string. This is the default format.
- Choose a Filter option for your expression (Starts with, Equals, Contains, Matches regex).
Okta doesn't impose a limit on the number of attributes that you can include in a SAML assertion. However, the target app or browser may reject large SAML payloads. Keep the number of attributes to a minimum and provide only those needed by the target app.
- Enter the expression to match against Okta GroupName values and add to the SAML assertion. Create an expression of up to 1024 characters using Okta Expression Language.
- Optional. Click Add Another, and then repeat steps 2–4 to add another attribute.
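To confirm what a group attribute statement actually releases, the following added example (not part of Okta's documentation) parses the AttributeStatement of a decoded SAML assertion and reports each attribute's Name, Name format and values, listing any group value outside an expected allowlist. The attribute name `groups`, the sample group names, the allowlist and the function `audit_attributes` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT_PREFIX = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
# SAML 2.0 NameFormat URIs and the Name format options they correspond to.
NAME_FORMATS = {
    FMT_PREFIX + "unspecified": "Unspecified",
    FMT_PREFIX + "uri": "URI Reference",
    FMT_PREFIX + "basic": "Basic",
}

# Constructed sample: a broad filter has released a payroll group to a wiki app.
SAMPLE = """\
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml2:AttributeValue>app-wiki-readers</saml2:AttributeValue>
    <saml2:AttributeValue>app-wiki-editors</saml2:AttributeValue>
    <saml2:AttributeValue>app-payroll-admins</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
"""

def audit_attributes(xml_text, group_attr, allowed_groups):
    """Return one report dict per attribute; for the group attribute,
    list the values that are not in the allowlist."""
    # For assertions from an untrusted source, use a hardened XML parser.
    root = ET.fromstring(xml_text)
    reports = []
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml2"]):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml2:AttributeValue", SAML_NS)]
        # Per SAML 2.0 core, a missing NameFormat means "unspecified".
        fmt = attr.get("NameFormat", FMT_PREFIX + "unspecified")
        unexpected = []
        if attr.get("Name") == group_attr:
            unexpected = sorted(set(values) - set(allowed_groups))
        reports.append({
            "name": attr.get("Name"),
            "name_format": NAME_FORMATS.get(fmt, "unknown: " + fmt),
            "values": values,
            "unexpected": unexpected,
        })
    return reports

if __name__ == "__main__":
    for r in audit_attributes(SAMPLE, "groups", {"app-wiki-readers", "app-wiki-editors"}):
        print(r)
```

A non-empty `unexpected` list means the filter expression matches more groups than the target app needs and should be narrowed.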
The Dynamic SAML feature enables apps in the Okta Integration Network to process SAML attribute statements. Previously, the attribute statements were only available for apps created using the App Integration Wizard. This feature doesn't change how you enter attribute statements in the Okta Expression Language or how the statements are processed.