Add Okta to user with correct profile mappings Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmtqqay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Scott LuziScott Luzi 

Add Okta to user with correct profile mappings

Hi,

Recently implemented Okta. AD is acting as profile master, would like to eliminate AD from the "user creation" portion of our workflow so we can begin delegating more to HR and simply clean up the process. We've been using AD to manually define the ProxyAddresses attribute since we cutover to 365 from on-prem. Not a hybrid implementation, full cloud with Okta WS-Fed for auth and Okta Universal Sync replacing DirSync / AzureAD Connect.

That said, I am having difficulty grasping where I need to do for Okta->Internal AD profile mappings. Specifically, trying to find a list of values I need for Okta to replicate back to AD. ProxyAddresses is an obvious one, as we use Office365 & our spam-filter grabs names based on this attribute. Not sure what syntax to use on the Okta side, though.

In AD itself its usually SMTP:jdoe@primary.com, smtp:jdoe@secondary.com.

In Okta, I have created the ProxyAddresses attribute on the AD side so it can grab it from internal and push to the user profile for Universal Sync over to 365. My concern is the reverse - Okta to Active Directory.

My assumptions on good mapping correlations are:

Manager (Okta) = ManagerDN (but how does it account for the rest of the distinguished path? - should I be looking at the ManagerUpn value instead)?
Organization (Okta) = Company (AD)
PrimaryPhone (Okta) = IP Phone (AD - we have primary phone as DID #s in our GAL)

Genuinely appreciate the advice.

 
Andy GastonAndy Gaston (Okta, Inc.)
Hey Scott,
Welcome to Okta!
As this was really more of a Support Question, than a community post, I went ahead and called you directly.
Per the conversation we've had on the phone, I've shown you how this can be accomplished for your specific environment, using the Attribute Mappings and Custom Attributes. Also recommended, was to use a Preview Org with a Sandbox AD, in order to test these changes before implementing them in your Production Org.