Subject
Syncing groups between OKTA and Artifactory
Instructions
After configuring SAML SSO you will probably want to sync your SAML groups with Artifactory.
(This feature is available for Artifactory 5.3.0 and above)
To sync the groups:
In OKTA go to the Admin panel
Then to the application SAML settings
Under “GROUP ATTRIBUTE STATEMENTS” we will configure the following:
Name - The name of the group attribute that will be read from the SAML XML response.
Filter - SAML groups that match the filter (in this case Regex for any group with Artifactory in its name.
On Artifactory side, connect as an admin user, and navigate to Administration Module => User Authentication => SAML SSO. Check the “Auto Associate Groups” box (This will associate the users with all the groups that are returned in the SAML login response in addition to any groups that the user is associated to.), and pass the Groups Attribute that was configured beforehand:
Important notes
-
The user will be associated with groups that already exist in Artifactory, the integration will not create new groups. -
The association with the groups is valid only for the current session.