This article deals with a situation where a user's Active Directory (AD) ObjectGUID attribute value, which by default is mapped to Okta's externalID (also known as Object GUID), does not match the value in AD. This discrepancy may cause confusion, but can be explained and rectified.
- Active Directory
- Universal Directory
- Okta Classic Engine
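The value in Okta has Base64 formatting applied, so it does not look like the ObjectGUID shown in AD even though it represents the same identifier. PowerShell commands can be used to convert the Base64 version back to the AD ObjectGUID value and vice versa: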
- To convert the Base64 version back to the AD ObjectGUID value, use the following PowerShell command:

  ```powershell
  [Guid]([Convert]::FromBase64String("Base64_Value"))
  ```

- To convert an ObjectGUID's value to Base64, use the following PowerShell command:

  ```powershell
  [Convert]::ToBase64String([guid]::New("ObjectGUID_Value").ToByteArray())
  ```
There is no method to convert the value within Okta or to map AD's objectGUID directly to an Okta attribute without this Base64 formatting being applied. If the objectGUID value is required for use in a downstream application without Base64 formatting, the value will need to be stored in a different AD attribute and mapped using that attribute or be added to the user profile via some other method, such as CSV import.
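When reconciling Okta profile values against AD during an audit or investigation, the two conversions above can be wrapped with input validation. The following is an added example, not part of the original article or Okta's tooling; the function names `ConvertFrom-OktaExternalId` and `ConvertTo-OktaExternalId` are hypothetical and every sample value is constructed.

```powershell
# Added example. Function names and all sample values are constructed.
function ConvertFrom-OktaExternalId {
    param([Parameter(Mandatory)][string]$ExternalId)
    try   { $bytes = [Convert]::FromBase64String($ExternalId.Trim()) }
    catch { throw "Not valid Base64: '$ExternalId'" }
    # An objectGUID is exactly 16 bytes; reject anything else.
    if ($bytes.Length -ne 16) {
        throw "Decoded to $($bytes.Length) bytes, expected 16: '$ExternalId'"
    }
    [Guid]::new($bytes)
}

function ConvertTo-OktaExternalId {
    # [Guid] binding rejects strings that are not well-formed GUIDs.
    param([Parameter(Mandatory)][Guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

# Constructed sample GUID, round-tripped through both directions.
$guid = [Guid]'00112233-4455-6677-8899-aabbccddeeff'
$b64  = ConvertTo-OktaExternalId -ObjectGuid $guid
$back = ConvertFrom-OktaExternalId -ExternalId $b64
if ($back -ne $guid) { throw 'Round trip failed' }

# The raw bytes are not the GUID string with dashes removed: the first three
# fields are stored little-endian, so a plain hex dump of the decoded value
# will not match what AD tools display.
[pscustomobject]@{
    ExternalId = $b64
    ObjectGuid = $back
    RawHex     = [BitConverter]::ToString([Convert]::FromBase64String($b64))
}

# Batch check over constructed Okta profile values, including bad input.
$samples = @($b64, 'AAAA', 'not base64!')
foreach ($value in $samples) {
    try {
        '{0} -> {1}' -f $value, (ConvertFrom-OktaExternalId -ExternalId $value)
    } catch {
        '{0} -> rejected: {1}' -f $value, $_.Exception.Message
    }
}
```

A downstream application that decodes the Base64 value itself must apply the same byte order as `[Guid]` does, otherwise its identifier will differ from the one AD reports.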
