On This Page

You can create a dynamic or static whitelist when you need to set group whitelists on a per-app basis using both the Org Authorization Server and a Custom Authorization Server. For example, you have a large number of Groups and every time a Group claim is created, you don't want to run through all of your Groups if only 20 Groups apply to your app. This process optionally uses Okta's flexible app profile, which accepts any JSON-compliant content, to create a whitelist of Groups that can then easily be referenced.

Additionally, you can add a Groups claim to ID tokens for any combination of App Groups and User Groups to perform single sign-on (SSO) using the Okta Org Authorization Server. You can also add a Groups claim to ID tokens and access tokens to perform authentication and authorization using a Custom Authorization Server.

This guide assumes that you:


If you need help or have an issue, post a question in our Developer Forum.