<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
How to Assign a User to a Group by the Creation Date
Lifecycle Management
Overview

According to the Okta Expression Language article on group rules, Time functions are not supported in group rules, but this can be bypassed by leveraging another attribute that will hold a temporary value, based on which a group rule will be defined.

NOTE: This also applies to any other profile master with a string DateTime attribute. For consistency purposes, the Time.now function is not recommended for use.

Applies To
  • Okta Expression Language (OEL)
  • Group Rules
  • Active Directory (AD)
  • Attribute Level Mastery
Solution

Please follow the below video or steps:

  1. Define a boolean data type attribute on the Okta profile, which will hold the temporary value by navigating to the Directory > Profile Editor > User(default) and clicking the +Add Attirbute button, defining the attribute as shown below:

Add attribute

  1. Next, create a new mapping for the above attribute from the AD attribute, which passes the account creation date value from AD to Okta (in this case, it will be appuser.whenCreated) by using the following expression:
    (Time.fromIso8601ToWindows(appuser.whenCreated) >= Time.fromIso8601ToWindows("2022-01-01T00:00:00.000Z")) ? true:false

mapping 

The result will be:
 
result

NOTE: The whenCreated field is not imported from Active Directory by default and needs to be added.
 

  1. Now, proceed to create the rule that will parse the new attribute created, which will only contain the user.createdLater == true expression for parsing:
Add rule


Related References

 
Loading
How to Assign a User to a Group by the Creation Date