How can I make additional AD fields such as UPN available through API? Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0moia0&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Katie EvansKatie Evans 

How can I make additional AD fields such as UPN available through API?

My goal is to be able to return User Principal Name attribute in the User API.
Although UPN is a base attribute in the Okta User profile, it is not returned in the API call /api/v1/users/{{userId}}.
I can return the UPN attribute by first adding it as a property to the Okta User Profile and secondly going to Profile Editor > Directories > Active Directory User and creating a mapping between the Okta User Profile upn attribute and the AD userPrincipalName property.
We have over 40 active directory integrations and this would be tedious to have to do this for each one of them in order to use the Okta API consistently. Is this the correct way to accomplish returning the UPN from AD - is there an easier/better way?
Best Answer chosen by Niki (Okta, Inc.) 
Krishnan VenkatramanKrishnan Venkatraman (Okta, Inc.)
AD is considered as app in Okta. So only base Okta attributes are written when you do a get user call. But what you need is a get app user call, which will result in all the AD attributes for the user.

http://developer.okta.com/docs/api/resources/apps.html#get-assigned-user-for-application