--- title: "Set Up SAML Group Mapping with Okta" slug: "set-up-saml-group-mapping-with-okta" updated: 2025-04-04T09:35:22Z published: 2025-04-04T09:35:22Z --- > ## Documentation Index > Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt > Use this file to discover all available pages before exploring further. # Set Up SAML Group Mapping with Okta This topic explains how to configure SAML-based Single Sign-On (SSO) with Okta and set up group mapping so that Traceable can automatically assign user roles based on their Okta group membership. This guide is intended for administrators configuring Traceable as a SAML service provider using Okta as the identity provider. --- ## Before You Begin Ensure you have the following: - Admin access to your Okta tenant. - The Traceable application has already been added to your Okta instance. - Group names are already defined in Okta for different sets of users. - Admin access to the Traceable UI to configure the SAML Group Attribute and role mapping. --- ## Step 1: Configure the Okta Application 1. In the Okta Admin Console, go to **Applications → Applications** 2. Locate and click the **Traceable** application 3. Open the **General** tab 4. Scroll down to the SAML Settings section and click **Edit** 5. Proceed through the wizard until you reach **Attribute Statements** (Optional) 6. Add a new attribute to include group information: - Name: `groups` - Name format: Unspecified - Filter: Choose either: - Starts with (e.g., `Traceable`) — to send only groups that begin with a particular prefix - Or, Equals — to send a specific group - Click **Next**, then **Finish**. This step ensures that group data is included in the SAML assertion sent to Traceable. --- ## Step 2: Test and Extract the Group Attribute Name 1. Go to the **Sign On** tab of the Traceable app in Okta. 2. Scroll to the **SAML Signing Certificates** section. 3. Click **View Setup Instructions** or use a tool like SAML-tracer to test the login flow. 4. Check the decoded SAML response and verify that the group information is included: ```xml  Dev Team ``` Note down `groups` as the Group Attribute Name and values such as `Dev Team` as group values. --- ## Step 3: Map Groups to Roles in Traceable 1. In the **Traceable UI**, go to **Configuration → Team** 2. Click the **SAML Config** tab 3. In the Group Attribute Name field, enter `groups` 4. Click **+ Add Group** to define role mappings: - **SAML Group**: Enter a group value like `Dev Team` - **Role**: Select the appropriate Traceable role (e.g., Developer) - **Scope**: Define whether the role applies globally or to a specific app/project 5. Click **Add Role**, then **Save**. --- ## What’s Next? After setup: - Users logging in via Okta SSO will automatically receive roles based on group membership - You can edit or remove group-role mappings anytime in the Traceable UI Return to the [SAML Configuration](/docs/saml-configuration) topic to continue with the rest of the SAML configuration process.