Define group attribute statements
These options appear in different places depending on which Okta features you've enabled:
- If you've enabled the Early Access Entitlement SAML Assertions and OIDC Claims feature, this option appears when you edit your app integration. Open a SAML app, and then select the Sign On tab, or the Authentication tab if you've enabled the Identity Threat Protection feature. Click Edit in the SAML Attributes section, and then continue with the procedure.
- If you haven't enabled the Entitlement SAML Assertions and OIDC Claims feature, this option appears when you create your app integration. Create a new SAML app, and then complete the fields shown in the procedure in the Attribute Statements (optional) section of the Create SAML Integration page.
Start this procedure
- Enter a Name for the group attribute in your SAML app.
- Select a Name format. This is the format that the Name attribute is provided to your app.
- Unspecified: This can be any format defined by the Okta profile. Your app must be able to interpret this format.
- URI Reference: The name is provided as a Uniform Resource Identifier string.
- Basic: A simple string. This is the default format.
- Choose a Filter option for your expression (Starts with, Equals, Contains, Matches regex).
- Enter the expression to match against Okta GroupName values and add to the SAML assertion. Create an expression of up to 1024 characters using Okta Expression Language.
- Optional. Click Add Another, and then repeat steps 2–4 to add another attribute.
The Dynamic SAML feature enables apps in the Okta Integration Network to process SAML attribute statements. Previously, the attribute statements were only available for apps created using the App Integration Wizard. This feature doesn't change how you enter attribute statements in the Okta Expression Language or how the statements are processed.