diff --git a/configs/development.py b/configs/development.py
index 61df886..a867812 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -148,6 +148,10 @@ SAML_ENABLED = False
 # #SAML_ASSERTION_ENCRYPTED = True
+# Some IdPs, like Okta, do not return Attribute Statements by default
+# Set the following to False if you are using Okta and not manually configuring Attribute Statements
+# #SAML_WANT_ATTRIBUTE_STATEMENT = True
+
 # Remote authentication settings
 # Whether to enable remote user authentication or not
diff --git a/powerdnsadmin/services/saml.py b/powerdnsadmin/services/saml.py
index 40c97bf..67255ca 100644
--- a/powerdnsadmin/services/saml.py
+++ b/powerdnsadmin/services/saml.py
@@ -163,7 +163,8 @@ class SAML(object):
 'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
 settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
 'SAML_ASSERTION_ENCRYPTED', True)
-settings['security']['wantAttributeStatement'] = True
+settings['security']['wantAttributeStatement'] = current_app.config.get(
+'SAML_WANT_ATTRIBUTE_STATEMENT', True)
 settings['security']['wantNameId'] = True
 settings['security']['authnRequestsSigned'] = current_app.config[
 'SAML_SIGN_REQUEST']
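Review bot: The new `wantAttributeStatement` lines in the saml.py hunk let a deployment turn off python3-saml's check that the assertion carries an AttributeStatement, but nothing in the hunk records that consequence, and the code that later maps SAML attributes onto the user lives outside this hunk and presumably still assumes the attribute dict is populated — worth confirming it tolerates an empty one rather than raising or creating a user with blank identity fields. I would add a comment above the new assignment: `# False relaxes validation: assertions with no AttributeStatement are accepted (needed for Okta); identity must then come from NameID, so downstream attribute lookups must handle an empty dict.` The default of True keeps the strict behaviour, which is the right fail-closed choice. Note that the value is passed through unconverted like SAML_ASSERTION_ENCRYPTED just above it, so a string such as `"False"` from an environment-derived config would be truthy and keep the requirement on rather than disable it. The enclosing method starts and ends outside the hunk.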