# 2026-05-20 New feature: filter holder groups at the IdP login

### The new feature

<p class="callout info">From now on, **service providers** that have the “**Ask for group membership after authentication**” option selected can filter which holder groups are selectable by the user, using the attribute "**Script to filter out group memberships**".</p>

### Bear in mind

Please note the following points:

- The **holder groups** **must be** correctly **configured** in Soffid.
- If there is only **one** possible **holder group**, it is **selected automatically** and is not displayed to the user.

### How to configure it?

The following **components** must be installed:

- Addon federation 4.0.25 (or higher)

### Let's look at an example

Here we have the user "**user4**", who already has the **holder groups** set up.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/JpAKXBOb9tYRKvLA-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/JpAKXBOb9tYRKvLA-image.png)

We had a **service provider** that already had the option "**Ask for group membership after authentication**" selected.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/kP8QV9hPqFVt8sdA-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/kP8QV9hPqFVt8sdA-image.png)

The holder groups have several **custom attributes** (startDate, endDate and status).

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/jSgdoRMeh0qAllS1-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/jSgdoRMeh0qAllS1-image.png)

We now want to **filter** the **holder groups** so that only those whose **status** attribute has the value **Active** are kept.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/YqrDoi5j8iFQ3WLV-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/YqrDoi5j8iFQ3WLV-image.png)

So we're going to create a script in the "**Script to filter out group memberships**" attribute of the service provider.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/9PjFDOz2srel64TD-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/9PjFDOz2srel64TD-image.png)

This is the script.

```
// Return the groups whose “status” attribute has the value "Active"
//
l = new java.util.ArrayList();
lug = serviceLocator.getGroupService().findUsersGroupByUserName(user.userName);
for (i=0; i<lug.size(); i++) {
  ug = lug.get(i);
  if (ug.attributes!=null &&
      ug.attributes.get("status")!=null &&
      "Active"===ug.attributes.get("status"))
  {
    l.add(ug.group);
  }
}
return l;
```

<p class="callout warning">Please note that if the **script fails** or is **not configured correctly**, the holder groups page will **not be displayed**.</p>
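Because a failing script hides the holder groups page, it helps to check the filter decision offline before configuring it. The following is an added example, not Soffid code and not a script for the service provider attribute: a plain-JavaScript model that extends the status check to the startDate and endDate attributes, assuming (for illustration only) that memberships are plain objects, dates are ISO strings, a missing date means "no bound", and a malformed date excludes the group instead of throwing.

```javascript
// Added example: offline model of a holder-group filter decision.
// Record shape, ISO date strings and the "missing date = no bound" policy
// are assumptions made for this example, not Soffid behaviour.

// Parse a date attribute: null when absent, NaN when malformed.
function parseDate(value) {
  if (value === undefined || value === null || value === "") return null;
  return Date.parse(value);
}

// Selectable only if status is "Active" and `now` lies in [startDate, endDate].
function isSelectable(membership, now) {
  const attrs = membership.attributes;
  if (!attrs || attrs.status !== "Active") return false;
  const start = parseDate(attrs.startDate);
  const end = parseDate(attrs.endDate);
  // Malformed data excludes the group rather than raising an error.
  if (Number.isNaN(start) || Number.isNaN(end)) return false;
  if (start !== null && now < start) return false; // not yet valid
  if (end !== null && now > end) return false;     // expired
  return true;
}

// Return the names of the groups the user may choose from.
function filterHolderGroups(memberships, now) {
  return memberships.filter((m) => isSelectable(m, now)).map((m) => m.group);
}

// Constructed sample memberships covering each case.
const SAMPLE = [
  { group: "finance", attributes: { status: "Active", startDate: "2026-01-01", endDate: "2026-12-31" } },
  { group: "hr", attributes: { status: "Inactive", startDate: "2026-01-01", endDate: "2026-12-31" } },
  { group: "audit", attributes: { status: "Active", startDate: "2025-01-01", endDate: "2025-12-31" } },
  { group: "it", attributes: { status: "Active" } },
  { group: "legal", attributes: { status: "Active", endDate: "not-a-date" } },
  { group: "sales", attributes: null },
];

const NOW = Date.parse("2026-05-20");
console.log(filterHolderGroups(SAMPLE, NOW)); // [ 'finance', 'it' ]
```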

Now, to test it, we’ll log in to the application (the service provider). These are the IdP’s login pages:

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/ljIO7Xg3gF9ZXiLx-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/ljIO7Xg3gF9ZXiLx-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-05/scaled-1680-/ZZ0FVGgc0tVBYgrq-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-05/ZZ0FVGgc0tVBYgrq-image.png)