<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
Add Custom Profile Attributes as Claims in an ID Token or /userinfo
API Access Management
Overview

This article describes how to get custom profile attributes using an Org Authorization Server.

Applies To
  • Okta Org Authorization Server
  • OpenID Connect (OIDC) (Authentication) use case only
  • Implicit, Authorization Code, or Resource Owner Password grant types
Solution
  1. Create a custom user profile attribute by navigating to Directory Profile Editor > User (default).

User(default)

  1. Click on Add Attribute, enter the details, and Save.
    Add Attribute 
  2. Go to Directory > People > select the user > under the Profile tab > click Edit > add a value.

    custom claim attribute
  3. Create a custom attribute on the OIDC App by navigating to Directory > Profile Editor > Apps > click on the OIDC App > Add Attribute.
     App Custom Attribute 
     
  4. Under Mappings > Okta User to OIDC App, map the attribute from Okta to the OIDC App.

Mappings

    1. Link the attribute (Select from the drop-down).

      Link attribute 

    2. Select the desired option.
      Link attribute 
    3. Save Mappings.

 

  1. The custom profile attribute can be found by calling the /userinfo endpoint, as documented in the Attribute/Claim Missing from ID Token article.

Custom attribute
   

NOTE: Both scopes (openid, profile) are required in the request to see the custom attribute at the/userinfo endpoint.

 

Related References

Loading
Add Custom Profile Attributes as Claims in an ID Token or /userinfo