Groups claim update for SAML #5299

Merged
Expand Up @@ -25,6 +25,8 @@ In a SAML integration, Okta is the Identity Provider (IdP), and your app is the
1. Determine the default assertion consumer service (ACS) URL for your integration. This is often referred to as the SP sign-in URL. This is the endpoint on your app where the SAML responses are posted.
1. Find your audience URI. This is sometimes referred to as the SP entity ID or the entity ID of your app.
1. Set up a default relay state page, where users land after they successfully sign in to the SP using SAML. This must be a valid URL. (Optional)
1. Gather any required SAML attributes. You can share Okta user profile values as SAML attributes with your app.
1. Gather any required SAML attributes that are relevant to the target app. You can share Okta user profile values or group memberships as SAML attributes with your app.

**Note:** SAML integrations must use SHA256 encryption for security. If you're using SHA-1 for encryption, see our guide on how to [Upgrade SAML Apps to SHA256](/docs/guides/updating-saml-cert/).
>**Notes:** Okta doesn't impose a limit on the number of attributes that you can include in a SAML assertion. However, the target app or browser may have issues or even reject large SAML payloads. Okta recommends that you keep the number of attributes to a minimum and include only those necessary for the app.
>
>SAML integrations must use SHA256 encryption for security. If you're using SHA-1 for encryption, see our guide on how to [Upgrade SAML Apps to SHA256](/docs/guides/updating-saml-cert/).
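Review bot: The second paragraph of the new `>**Notes:**` block carries over the wording "SHA256 encryption" and "SHA-1 for encryption", but SHA-256 and SHA-1 are hash algorithms used when signing, not encryption. Since this line is being touched anyway, consider rewording it to something like "SAML integrations must use SHA256 for signing", so readers don't confuse it with assertion encryption. A smaller point on the first paragraph: the rewritten step now mentions group memberships, so the size warning could name group attributes explicitly and advise sending only the groups that the target app needs.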