Sometimes, it is necessary for a company to change the profile source for users as it evolves in time, so profile source switches will occur between profile sources. This process should be taken in steps, as it has the potential to make drastic changes to user environments and lock users out of their applications and data. It is advised to make the transition gradually and supervised. If specialized help is required, a dedicated Professional Services team can assist with the transition and provide a fast resolution to the issue and its logistics. More information about the Professional Services team can be found by discussing the issue with the Account Executive assigned to the account.

• Active Directory
• BambooHR
• Workday
• SuccessFactors
• Profile Source
• Okta Universal Directory
• Okta Classic Engine
• Okta Identity Engine (OIE)

To safely remove an application as the profile master in Okta, follow these steps:

1. Identify a Test User: Choose a single user account to test the impact of removing the profile master. This user should ideally be non-critical to daily operations.

2. Test for a Single User (recommended):

   1. Remove the application assignment from the test user.
      • In Okta, navigate to the test user's profile. Go to the Applications tab and remove the assignment of the application that is currently the profile master for this user.
   2. Observe the attribute changes.
   3. After removing the assignment, carefully examine the test user's Okta profile. Note any changes to the attributes that were previously mastered by the application. This step helps identify which attributes will be affected when the application is no longer the profile master.

3. Gradually modify Attribute Level Mastering (ALM) with Override Profile Master (if multiple profile masters exist):
   
   1. Navigate to Okta Admin Console > Directory > Profile Editor.                                                                   
         
   2. Find and select the Okta User Profile.
       
   3. Review the attribute mastering. For each attribute currently mastered by the application that should be removed, click the blue button, check Source priority, and select Inherit from Okta.
   4. Then, click Save Attribute.

4. Verify User Attributes in Okta: Before disconnecting the application, ensure that all necessary user attribute values are present and correct in the Okta User Profile. This includes all data that was previously synchronized from the application. Any missing or incorrect attributes will need to be addressed after the application is disconnected.

5. Disable Scheduled Imports: If the application has any scheduled imports into Okta, set the import schedule to Manual or Never Import. This will prevent any further automatic updates from the application during the disconnection process.

6. Disable Profile Mastering: Remove the application as the profile master in Okta. This can be achieved by unchecking Allow Active Directory to source Okta users in the Provisioning section (App to Okta).

7. Review and Update Attribute Mappings: In the Okta Profile Editor, review the attribute mappings and adjust them as necessary to ensure user profiles in Okta continue to be updated correctly after the application is disconnected. This may involve mapping attributes to different sources or setting default values.

8. Post-disconnection of Attribute Management:

• • If any attributes are incorrect or missing in Okta after removing the application, update them manually. Options include:
    • Individual user profile updates in the Okta Admin Console.
    • Bulk updates using a CSV import.

9. Testing (Strongly Recommended): It is strongly recommended that these steps be performed in a non-production (test) environment first. This will allow verifying the process and identifying any potential issues before making changes in the production Okta environment, minimizing the risk of data loss or disruption.