Notes

  • The Role attribute is used for the Federated User Login and Amazon IAM Role SSO modes. The Role attribute may also be used as a default value for SAML 2.0 if no SAML user roles are selected.

  • The SAML user roles attribute is used for SAML 2.0 as SAML supports multiple roles. If no values are selected for SAML user roles, then a value from Role drop-down is used as a default role.

  • You can select multiple roles:

  • If you create another Identity and Access Management (IAM) role after setting up the API integration in Okta, the role is not automatically available in Okta. To get this role into Okta:

    • From the Application tab, click More and then Refresh Application Data.

      The latest roles download along with profiles and groups from apps configured for user provisioning. Okta uses this data when creating new users in those apps.