Generate federated claims
Early Access release. See Enable self-service features.
This topic describes how to configure your Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) federated app integrations to pass entitlements as custom claims in SAML assertions and OIDC ID tokens.
Before you begin
Verify that these features are activated in your org:
- Identity Governance
- Entitlement SAML Assertions and OIDC Claims
Ensure that you've already created a custom SAML or OIDC app. See Create SAML app integrations or Create OpenID Connect app integrations.
Start this procedure
- Open a SAML or OIDC app. Click .
- In the Identity Governance section, click Edit.
- From the Governance Engine dropdown menu, select Enabled.
- Click Save. The Governance tab appears on the app page.
- Add an entitlement. See Create entitlements for instructions.
- Assign the app to individuals or groups. See the Assignments section in Configure settings for app integrations for instructions.
- On the app's page, select the Sign On tab.
If you have the Identity Threat Protection (ITP) feature enabled for your org, select the Authentication tab instead.
- In the SAML Attributes or Claims section, depending on your app type, click Add expression and then give the entitlement claim a name. See Okta Expression Language in Okta Identity Engine.
- Click Save.
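Once the claim is configured, the receiving app has to check it and deny access when it is missing or malformed. The following is an added example, not Okta's code, showing one way to do that for an OIDC app. It assumes an OIDC library has already verified the ID token's signature; the claim name `entitlements`, the issuer URL, the client ID and the claim's value shape (a string or a list of strings) are placeholders or assumptions.

```python
import time

# Assumed values for illustration: use the claim name entered under
# "Add expression" and your own issuer and client ID.
CLAIM_NAME = "entitlements"          # hypothetical claim name
ISSUER = "https://example.okta.com"  # placeholder issuer
CLIENT_ID = "0oa-example-client-id"  # placeholder audience


def entitlement_values(claims, claim_name=CLAIM_NAME):
    """Return the entitlement claim as a set of strings, or an empty set.

    The value shape is an assumption: a single string or a list of strings
    is accepted; any other type yields no entitlements (fail closed).
    """
    value = claims.get(claim_name)
    if isinstance(value, str):
        return {value} if value else set()
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return {v for v in value if v}
    return set()


def is_authorized(claims, required, now=None):
    """Check issuer, audience and expiry, then require the entitlement.

    `claims` must come from an ID token whose signature an OIDC library has
    already verified; this function never parses or trusts a raw token.
    """
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if claims.get("iss") != ISSUER or CLIENT_ID not in audiences:
        return False
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False
    return required in entitlement_values(claims)


# Constructed sample claims, not output from a real org.
SAMPLE = {"iss": ISSUER, "aud": CLIENT_ID, "exp": 2_000_000_000,
          "sub": "00u-example", CLAIM_NAME: ["report-viewer", "report-editor"]}
```

The entitlement check runs only after the issuer, audience and expiry checks pass, so a token issued for another app cannot carry its entitlements into this one.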