Veracode SAML (Single-Sign-On, SSO) with Okta: Roles and Teams assignment

Scenario: you want to map existing groups from AD or Okta to roles in Veracode during SSO via SAML.

Veracode expects the user roles in the roles attribute as a comma-separated list of values, so you have to build that list with a mapping written in Okta’s Expression Language. See the documentation:

https://help.veracode.com/r/about_saml_selfregister

Comma-separated list of valid Veracode roles. If not provided here, you must specify the default user roles using SAML assertion data.

 

Out of scope for this blog post: creating the Veracode SAML app in Okta (you can use the Okta OIN Veracode app).


In the Profile Editor, create a new attribute of type String in the corresponding app. The name is your choice (my example uses ‘roles’); it will be mapped later in the application.

 

After that, create a mapping:

 

String.join(",", isMemberOfGroupName("Sales") ? 'Sales' : '',  isMemberOfGroupName("Accounting") ? 'Accounting' : '',  isMemberOfGroupName("Asa-Users") ? 'ASA_Users' : '',  isMemberOfGroupName("AWS Users") ? 'AWS' : '')

 

Preview example:

Note: the result contains multiple consecutive commas when some of the groups do not match. For a lot of applications this is no problem, and it works fine with Veracode.

 

Finally, map the created attribute in the app config:
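To check what the mapping actually puts into the assertion, the following added example (not part of the original post and not Okta or Veracode code) reproduces the String.join result for a set of group memberships and reads the roles attribute back out of a SAML AttributeStatement, dropping the empty entries and flagging values outside the mapping. The function names and the XML are constructed for illustration; the attribute name ‘roles’ and the group/role pairs are taken from the mapping above.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Group name -> value emitted into the roles attribute, copied from the mapping above.
GROUP_TO_ROLE = [
    ("Sales", "Sales"),
    ("Accounting", "Accounting"),
    ("Asa-Users", "ASA_Users"),
    ("AWS Users", "AWS"),
]

def okta_join(groups):
    """Mimic the String.join mapping: one slot per group, empty if not a member."""
    return ",".join(role if group in groups else "" for group, role in GROUP_TO_ROLE)

def build_statement(value):
    """Constructed sample AttributeStatement carrying the roles attribute."""
    return (
        '<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Attribute Name="roles">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement>"
    )

def roles_from_assertion(xml_text, attr_name="roles"):
    """Return the non-empty role values found in the named attribute.
    For inspecting a test assertion you captured yourself; no signature check here."""
    root = ET.fromstring(xml_text)
    roles = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            roles += [r.strip() for r in (value.text or "").split(",") if r.strip()]
    return roles

def unexpected_roles(roles):
    """Values that the mapping above could never have produced."""
    allowed = {role for _, role in GROUP_TO_ROLE}
    return sorted(set(roles) - allowed)

if __name__ == "__main__":
    for groups in ({"Sales", "AWS Users"}, set()):
        raw = okta_join(groups)
        parsed = roles_from_assertion(build_statement(raw))
        print(repr(raw), "->", parsed, "unexpected:", unexpected_roles(parsed))
```

A user who matches none of the groups ends up with an attribute value that consists only of commas, which parses to an empty role list.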

 

 
