Prerequisites
Select Role Management > Authentication Management and ensure the Role-Based Claims option is enabled for the customer. If it is not already enabled, enable it.
Procedure
To Configure Role-Based Claims
In the Okta SSO app, configure role mapping to send built-in or custom administration role names (without spaces) to the
approlestring array attribute in the SAML response. To achieve this, navigate to Profile Editor → Okta Alta SSO App (Veritas SSO User) and add a string array attribute to the user profile. Refer to the sample screenshots below:
Map the required role names (defined in Manage) to the string array attribute created earlier. Do this by providing the values during user assignment to the app or by editing the user profile for the app to include these values.
Roles defined in Manage
Providing the values during user assignment to the app
Or, editing the user profile for the app to add these values
Update attribute mapping in the Okta SSO app by navigating to Applications → SSO App (Veritas SSO).
Edit the app configuration to map the user profile attribute to the
approleSAML response attribute.
Verify the configuration by ensuring the SAML response after SSO login includes the role names in the
approleattribute. Confirm that the account role user in Manage receives the corresponding roles sent in the SAML response.
Account Role user
SSO login for the user
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.