Dynamic SAML Attributes

As part of configuring SAML for new or existing OIN applications, you can optionally define custom SAML Attribute Statements.

SAML is an acronym for Security Assertion Markup Language, an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta:

  • SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user.
  • IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on a chiclet, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated.

OIN is an acronym for the Okta Integration Network. The OIN is comprised of thousands of public, pre-integrated business and consumer applications. As an on-demand service, OIN integrations are continuously validated, always up to date, and constantly growing both in number and capability. Okta performs a single integration with an ISV or SP, providing thousands of end users with point-and-click customization for their orgs.

  • You can federate Okta user attributes to SAML attributes.
  • The Service Provider will use the federated SAML attribute values accordingly.
  • Attribute names must be unique. The uniqueness constraint applies across all attributes, not just group attributes; for example, you can't have a group attribute and a regular attribute with the same name.

Attribute Statements

1. Enter the Name of an Okta attribute.

2. Optionally select a Name format.

3. Enter a Value.

4. Click Add Another until you have defined all the attributes you need.

Group Attribute Statements

An org is the Okta container that represents a real-world organization. Groups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.

If your org supports a large number of groups, use this option to filter them into a single SAML assertion:

1. Enter a group Name.

2. Optionally select a Name format.

3. Enter a Filter. Filtering options include Starts With, Equals, Contains, and Regex expressions.

4. Click Add Another until you have defined all the groups you need.

For details on creating custom expressions, see Okta Expression Language.

Preview SAML

Click Preview SAML to display the SAML assertion that will be sent based on your Attribute Statement definitions.
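One way to check the previewed assertion against the attribute statements you intended to send, as an added example that is not Okta's code. It assumes the preview is standard SAML 2.0 XML; the sample assertion, its attribute names and its values are constructed, and a duplicate name is included deliberately to exercise the uniqueness check.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"

# Constructed sample shaped like a previewed assertion; every name and value is made up.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email" NameFormat="{FMT}basic">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups" NameFormat="{FMT}basic">
      <saml:AttributeValue>app-admins</saml:AttributeValue>
      <saml:AttributeValue>app-users</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups" NameFormat="{FMT}unspecified">
      <saml:AttributeValue>Everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return [(name, name_format, [values])] in document order."""
    root = ET.fromstring(assertion_xml)
    found = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found.append((attr.get("Name"), attr.get("NameFormat"), values))
    return found


def audit(assertion_xml, expected_names):
    """Compare emitted attributes with the names the SP is meant to receive."""
    attrs = read_attributes(assertion_xml)
    counts = Counter(name for name, _, _ in attrs)
    emitted, expected = set(counts), set(expected_names)
    return {
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        "missing": sorted(expected - emitted),        # defined but not sent
        "unexpected": sorted(emitted - expected),     # sent but not intended
        "empty": sorted({n for n, _, vals in attrs if not any(vals)}),
    }


if __name__ == "__main__":
    for name, fmt, values in read_attributes(SAMPLE):
        print(name, fmt, values)
    print(audit(SAMPLE, ["email", "groups", "department"]))
```

Reviewing the group values listed for each attribute is also a quick way to confirm that a Starts With, Contains, or Regex filter is not sending more group names to the Service Provider than you meant it to.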