Veracode SAML (Single-Sign-On, SSO) with Okta: Roles and Teams assignment

Scenario: you want to map existing groups from AD or Okta to roles in Veracode during SSO via SAML.

To do that, you have to create a mapping with Okta’s Expression Language, because you have to provide the user roles in the roles attribute as a comma-separated list of values. See the documentation:

Comma-separated list of valid Veracode roles. If not provided here, you must specify the default user roles using SAML assertion data.


Out of scope for this blog post: creating the Veracode SAML app in Okta (you can use the Okta OIN Veracode app).

Create a new attribute of type String in the Profile Editor of the corresponding app. The name is your choice and will be mapped later in the application; my example uses ‘roles’.


After that, create a mapping:


String.join(",", isMemberOfGroupName("Sales") ? 'Sales' : '',  isMemberOfGroupName("Accounting") ? 'Accounting' : '',  isMemberOfGroupName("Asa-Users") ? 'ASA_Users' : '',  isMemberOfGroupName("AWS Users") ? 'AWS' : '')


Preview example:

Note: As you can see, you get multiple commas when there are no matching groups. This is no problem in a lot of applications, and it works fine with Veracode.


Finally, map the created attribute in the app configuration.
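
To check what the mapping delivers after setup, the following added example (not part of the original post and not Okta or Veracode code) reproduces the join behaviour of the expression above and parses the `roles` attribute from a SAML AttributeStatement, dropping the empty entries and flagging values outside an expected set. The sample XML, the `EXPECTED_ROLES` set and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the statement for a user who is only in the Okta groups
# "Sales" and "AWS Users" under the mapping above (note the empty entries).
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="roles">
    <saml:AttributeValue>Sales,,,AWS</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# (Okta group name, emitted value) pairs, in the order used by the expression.
MAPPING = [("Sales", "Sales"), ("Accounting", "Accounting"),
           ("Asa-Users", "ASA_Users"), ("AWS Users", "AWS")]

# Assumption: the only values this mapping is ever allowed to emit.
EXPECTED_ROLES = {role for _, role in MAPPING}


def join_like_mapping(groups):
    """Mimic String.join(",", cond ? 'x' : '', ...) for a set of group names."""
    return ",".join(role if group in groups else "" for group, role in MAPPING)


def roles_from_statement(xml_text, attr_name="roles"):
    """Return (roles, unexpected) for the named attribute.

    Only for statements copied from your own SSO test session: this does not
    verify the assertion signature.
    """
    root = ET.fromstring(xml_text)
    roles = []
    for attr in root.iterfind("saml:Attribute", SAML_NS):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            # Empty entries come from groups the user is not a member of.
            roles += [r.strip() for r in (value.text or "").split(",") if r.strip()]
    return roles, sorted(set(roles) - EXPECTED_ROLES)


if __name__ == "__main__":
    print(join_like_mapping({"Sales", "AWS Users"}))
    print(roles_from_statement(SAMPLE_STATEMENT))
```

A non-empty second element in the result means the assertion carried a role your mapping should never produce, which is worth investigating before relying on the assignment.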



