Scenario: you want to map existing groups from AD or Okta to roles in Veracode during SSO via SAML.
To do this, you have to create a mapping with Okta’s Expression Language, because the user roles must be provided in the roles attribute as a comma-separated list of values. See the documentation:
https://help.veracode.com/r/about_saml_selfregister
"Comma-separated list of valid Veracode roles. If not provided here, you must specify the default user roles using SAML assertion data."
Out of scope for this blog post: creating the Veracode SAML app in Okta (you can use the Veracode app from the Okta OIN).
In the Profile Editor, create a new attribute of type String in the corresponding app. The name is your choice and will be mapped later in the application; my example uses ‘roles’.
After that, create a mapping:
Preview example:
Note: As you can see, you get multiple commas when there are no matching groups. For a lot of applications this is no problem, and it works fine with Veracode.
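A mapping expression of the kind described above, as an added example that is not the expression from the original post. The group names (veracode-securitylead, veracode-reviewer, veracode-creator) are hypothetical, and the role strings are sample values that must be replaced with valid role names from the Veracode documentation; isMemberOfGroupName, String.join and the conditional operator are standard Okta Expression Language.

```spel
String.join(",",
  isMemberOfGroupName("veracode-securitylead") ? "Security Lead" : "",
  isMemberOfGroupName("veracode-reviewer") ? "Reviewer" : "",
  isMemberOfGroupName("veracode-creator") ? "Creator" : ""
)
```

The line breaks are only for readability; enter the expression as a single line in the mapping field. A user who is only in the second group gets an empty string for the other two entries, so the joined value contains the extra commas mentioned in the note.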
Finally, map the created attribute in the app config: