How to populate the Okta "manager" attribute from Active Directory Skip to main content
https://support.okta.com/help/answers?id=9062a000000quggqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Louis BarbourLouis Barbour 

How to populate the Okta "manager" attribute from Active Directory

Hello,

We currently have AD integrated into Okta and set as the Profile Master. In the process of setting up various other application integrations with Okta, we have run across a need to populate "manager" information to another application. I noticed that this field is not being automatically mapped from AD to Okta.

The "managerDn" attribute from AD shows on a users Profile page in Okta, but there's no mapping to populate that information into the users "manager" attribute in Okta. I tried mapping the "manager" to "managerDn" hoping it was somehow pre-defined to only pull the managers name, unfortunately it populated the entire distinguished name.

How can I get Okta to populate the "manager" attribute from the appropriate information that's already defined in Active Directory?
Best Answer chosen by Louis Barbour
Vasile DragomirVasile Dragomir (Okta, Inc.)
I understand from your description that when you try to map the Manager attribute to users using the "managerDn" does populate the entire distinguished name not the appropriate information that's already defined in Active Directory. 

You can try to use a diffrent okta expression language than the "managerDn".

The following Okta develope page can help you to find apropriate okta expression language that may responde to your needs 

https://developer.okta.com/reference/okta_expression_language/

You can find several usefull expressions under "Manager/Assistant Functions" topic 

 
For example I try to use : "getManagerUser("active_directory").firstName " instead of predefined "managerDn" 

All Answers

Vasile DragomirVasile Dragomir (Okta, Inc.)
I understand from your description that when you try to map the Manager attribute to users using the "managerDn" does populate the entire distinguished name not the appropriate information that's already defined in Active Directory. 

You can try to use a diffrent okta expression language than the "managerDn".

The following Okta develope page can help you to find apropriate okta expression language that may responde to your needs 

https://developer.okta.com/reference/okta_expression_language/

You can find several usefull expressions under "Manager/Assistant Functions" topic 

 
For example I try to use : "getManagerUser("active_directory").firstName " instead of predefined "managerDn" 
This was selected as the best answer
Louis BarbourLouis Barbour
Thanks Vasile for the info, that's exactly what I was looking for.

To expand upon your response just a little bit for anyone else who may see this (as the developer link provided doesn't really go into much detail on this particular section):

The ".firstName" portion of the "getManagerUser("active_directory").firstName" expression mentioned above, is referring to one of the attributes that is being imported from Active Directory (you can see the full list of available attributes by looking at the active_directory profile in the Profile Editor section of Okta). This means that you can select virtually any attribute that is being imported from AD.

In my case I was wanting the full name for the manager, which is imported via the "displayName" attribute. So, the expression ended up being "getManagerUser("active_directory").displayName"