Instructions

ARTIFACTORY: How to sync your OKTA SAML groups with Artifactory

AuthorFullName__c
Hanan Kemelman
articleNumber
000004883
ft:sourceType
Salesforce
FirstPublishedDate
2020-11-05T10:41:49Z
lastModifiedDate
2024-07-11
VersionNumber
9

After configuring SAML SSO you will probably want to sync your SAML groups with Artifactory.
(This feature is available for Artifactory 5.3.0 and above)

 

To sync the groups:

In OKTA go to the Admin panel
 

User-added image


Then to the application SAML settings

User-added image
 

Under “GROUP ATTRIBUTE STATEMENTS” we will configure the following:

Name - The name of the group attribute that will be read from the SAML XML response.

Filter - SAML groups that match the filter (in this case Regex for any group with Artifactory in its name.
 

User-added image

On Artifactory side, connect as an admin user, and navigate to Administration Module => User Authentication => SAML SSO. Check the “Auto Associate Groups” box (This will associate the users with all the groups that are returned in the SAML login response in addition to any groups that the user is associated to.), and pass the Groups Attribute that was configured beforehand:

User-added image