Probable Cause:
Okta is not configured to send group/role claims, or the miniOrange plugin’s role mapping is not aligned with the claim sent by Okta.
Solution:
- In Okta Admin → Applications → your WordPress app → Sign On → Edit.
- Under Attribute Statements, add:
- Name: groups
- Expression: user.getGroups (eg.xyz)
- Save the application settings.
- In WordPress → miniOrange SAML SSO → Role Mapping, map the incoming group values to WordPress roles.
- Save and test with a user who belongs to the group.
Still need help?
Contact us at samlsupport@xecurify.com
