Pritunl VPN with Okta groups

Hey, is there an option to use Okta groups for access control in Pritunl VPN?
If the answer is no - is there an option to attach multiple users to a static group from the CLI instead of one by one in the GUI?


The Okta documentation explains how to configure setting the Pritunl organization from Okta.

Pritunl user groups can also be used by setting the groups SAML attribute with a comma-separated list. When using user groups, the groups option in the server settings must also be configured. Once user groups are configured, a user must have a matching organization and group when connecting to a server.

Do you have an example of how to add a comma-separated list of groups in Okta?
I’ve been trying and it always sends only 1 group.

The Okta Expression Language documentation has more information.

Hey, this solution was provided to me by Okta support and it works:

  1. Firstly, you will need to create a custom attribute under Directory → Profile Editor → Profile (the one next to your application) → Add Attribute → type: string array, name: groups, scope: user personal

  2. You will need to create a mapping between Okta and the application. So go to the mappings of the app, select Okta to App and use the following expression:

String.join(",", isMemberOfGroupName("Group1") ? 'Group1' : '', isMemberOfGroupName("Group2") ? 'Group2' : '', isMemberOfGroupName("Group3") ? 'Group3' : '')

You will need to adapt the expression based on your groups.

  3. Under the Sign On tab of the application, under “Attribute Statements”, you will need to add a new attribute and for Value, you will need to enter the same expression that you used at step 2.

Good luck.
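
Added example, not part of the original posts and not Okta or Pritunl code: a small Python helper that builds the String.join(...) expression from the post above for any list of group names. The function name and the allowed-character rule are assumptions made here; names containing a comma or a quote are rejected because they would split into extra groups or break the expression.

```python
import re

# Assumption for this example: group names are limited to these characters so
# they cannot close the quoted literals or collide with the "," separator.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9 _.\-]+$")


def build_groups_expression(group_names):
    """Return the String.join(...) expression from the post for these groups."""
    if not group_names:
        raise ValueError("at least one group name is required")
    seen = set()
    terms = []
    for name in group_names:
        if not _SAFE_NAME.match(name):
            raise ValueError(f"unsafe group name for a comma-separated list: {name!r}")
        if name != name.strip():
            # Surrounding spaces would survive into the list and may not match
            # the group configured on the server.
            raise ValueError(f"group name has leading/trailing space: {name!r}")
        if name in seen:
            raise ValueError(f"duplicate group name: {name!r}")
        seen.add(name)
        # Same shape as the post: test membership, emit the name or ''.
        terms.append(f"isMemberOfGroupName(\"{name}\") ? '{name}' : ''")
    return 'String.join(",", ' + ", ".join(terms) + ")"


if __name__ == "__main__":
    # Constructed sample input: the three group names used in the post.
    print(build_groups_expression(["Group1", "Group2", "Group3"]))
```

Paste the printed expression into both the Okta to App mapping and the attribute statement value, as described in steps 2 and 3.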