You are viewing the Kantega SSO legacy documentation. The new documentation site is: https://kantega-sso.atlassian.net/wiki/x/hwAb

To send group claims from Okta, open your app configuration and edit the SAML settings. The screenshot shows an example of such an app, called issues.example.com. You find the SAML settings under the General tab.


In the SAML settings you should locate GROUP ATTRIBUTE STATEMENTS (OPTIONAL), and here you can add statements with NAME "http://schemas.xmlsoap.org/claims/Group". 

Okta allows you to customize and filter which groups to include in the SAML messages, and you have the option to write STARTS_WITH, EQUALS and REGEX filters. The screenshot below shows how you can specify a regular expression that includes all group names containing "jira".


 


If you save these settings, Okta will include attribute values like

<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jira-software-users</saml2:AttributeValue>

in its SAML response messages.


Now you can set up the Kantega SSO Enterprise app to manage Jira groups according to these group claims. These settings are found under "Group memberships" in the IdP configuration pages.
If we add the groups to the set of managed groups, users will be added to them if they are sent from Okta and removed from them if not.
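
The managed-group rule above can be checked offline before enabling it. The following is an added example, not Kantega's or Okta's code: it reads the Group attribute from a constructed AttributeStatement and applies the add/remove rule as stated on this page. The group names other than jira-software-users and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample (not captured from a real Okta tenant). In production the
# SAML response must be signature-verified before its attributes are trusted.
SAMPLE = """\
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jira-software-users</saml2:AttributeValue>
    <saml2:AttributeValue>jira-project-leads</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="email">
    <saml2:AttributeValue>jira-administrators</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
"""

# Hypothetical set of groups configured as "managed" in the add-on.
MANAGED = {"jira-software-users", "jira-project-leads", "jira-administrators"}

def group_claims(statement_xml):
    """Return the group names sent under the Group attribute name only."""
    root = ET.fromstring(statement_xml)
    groups = set()
    for attr in root.iter(f"{{{SAML2}}}Attribute"):
        if attr.get("Name") != GROUP_ATTR:
            continue  # values under other attribute names are not group claims
        for value in attr.iter(f"{{{SAML2}}}AttributeValue"):
            if value.text and value.text.strip():
                groups.add(value.text.strip())
    return groups

def reconcile(claimed, current, managed):
    """Apply the page's rule: managed groups follow the claims, others are untouched."""
    to_add = (claimed & managed) - current
    to_remove = (current & managed) - claimed
    return to_add, to_remove

if __name__ == "__main__":
    current = {"jira-administrators", "jira-software-users", "local-reviewers"}
    add, remove = reconcile(group_claims(SAMPLE), current, MANAGED)
    print("add:", sorted(add), "remove:", sorted(remove))
    # A response with no group claims removes the user from every managed group.
    print("no claims:", reconcile(set(), current, MANAGED))
```

The last call shows the case to watch for: if the Okta filter stops matching, the rule as stated removes the user from every managed group, while unmanaged groups such as local-reviewers are left alone.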



