What fields do you have in Okta that you want to use for this?
The usual approach is to configure Okta to send a list of groups or teams within the SAML assertion, and them map those teams to Elasticsearch roles.
That prevents internal ES role names from being embedded in Okta configuration - the on-wire protocol represents your organisational structure and ES knows how to map your org structure into specific roles.
You can, however, send actual role names across to ES and automatically assign them to users if you want to align your ES role names to a set of names that exist in Okta.
The Create role mappings API docs have examples of both options.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.