You can use Okta Expression Language Group Functions with dynamic whitelists. Three Group functions help you use dynamic group whitelists:
endsWith. These functions return all of the Groups that match the specified criteria without needing to have Groups specified in the app.
You can use these functions anywhere to get a list of the Groups of which the current user is a member, including both User Groups and App Groups that originate from sources outside of Okta, such as Active Directory and Workday. Additionally, you can use this combined, custom-formatted list for customizable claims in access and ID tokens that drive authorization flows.

All three functions have the same parameters:
| app | Application type or App ID | FALSE |
| limit | Maximum number of Groups returned. Must be a valid EL expression and evaluate to a value between 1 and 100. | FALSE |
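
The following added example (not Okta's code and not part of the original page) models an `endsWith`-style filter locally to show how the `limit` cap shapes the resulting groups claim. The `Group` type, the `pattern` argument name, the helper names, the sample memberships, and the matching and ordering rules are assumptions of this sketch.

```python
# Local model of a dynamic group whitelist filter, for reasoning about the
# resulting claim. An assumption-laden sketch, not Okta's implementation.
from dataclasses import dataclass

MAX_LIMIT = 100  # per the page: limit must evaluate to a value from 1 to 100


@dataclass(frozen=True)
class Group:
    name: str
    source: str  # constructed labels, e.g. "OKTA" or "active_directory"


def groups_ends_with(memberships, app, pattern, limit):
    """Return at most `limit` names of groups from `app` ending in `pattern`.

    Assumptions of this model: `app` selects the group source, matching is
    case-sensitive, and results keep the input order.
    """
    if isinstance(limit, bool) or not isinstance(limit, int):
        raise ValueError("limit must be an integer")
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and 100")
    names = [g.name for g in memberships
             if g.source == app and g.name.endswith(pattern)]
    return names[:limit]


def claim_may_be_truncated(claim, limit):
    """A claim that fills `limit` may be missing further matching groups."""
    return len(claim) >= limit


# Constructed memberships for one user, drawn from two sources.
SAMPLE = [
    Group("Domain-Admins", "active_directory"),
    Group("Everyone", "OKTA"),
    Group("Payments-Admins", "active_directory"),
    Group("Payments-Readers", "active_directory"),
    Group("HR-Admins", "active_directory"),
    Group("Okta-Admins", "OKTA"),
]

if __name__ == "__main__":
    for limit in (100, 2):
        claim = groups_ends_with(SAMPLE, "active_directory", "-Admins", limit)
        print(limit, claim, claim_may_be_truncated(claim, limit))
```

A relying party that makes a decision from the absence of a group should know the configured limit, because a claim that reaches it is not a complete membership list.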
You can use a dynamic group whitelist with both the Okta Org Authorization Server and a Custom Authorization Server:
- Use a dynamic group whitelist with the Org Authorization Server
- Use a dynamic group whitelist with a Custom Authorization Server