
Hide Personal Information In Okta Advanced Server Access User Profiles

Advanced Server Access
Okta Classic Engine
Okta Identity Engine

Overview

Personal information can be hidden from user profiles in Okta Advanced Server Access (ASA) by modifying the application sign-on settings and mapping custom attributes. Configure the username format to use an internal ID and create custom attributes in the Profile Editor to anonymize the user data provisioned via System for Cross-domain Identity Management (SCIM).

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta Advanced Server Access (ASA)

Solution

How is personal information hidden in Okta Advanced Server Access user profiles?

Update the application sign-on settings, create custom attributes in the Profile Editor, and map the attributes using Okta Expression Language to anonymize user data.

  1. In the Okta Admin Console, open the ScaleFT ASA app in question, go to the Sign On tab, and click Edit. Change the username format to Custom, paste the following expression, and then click Save: user.getInternalProperty('id')
  2. Navigate to the ScaleFT ASA app Profile: Directory > Profile Editor > ScaleFT ASA app in question > Profile
  3. Create two custom attributes (unixUserName likely already exists, in which case create only the formatted attribute):
    • Attribute: unixUserName
      • Data type: string
      • Display name: unixUserName
      • Variable name: unixUserName
      • External name: unixUserName
      • External namespace: urn:scim:schemas:scaleft:user:1.0
      • Attribute Length: Between 1 and 255
      • Attribute Type: Personal
    • Attribute: formatted
      • Data type: string
      • Display name: formatted
      • Variable name: formatted
      • External name: name.formatted
      • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
      • Description: formatted full name
      • Attribute Length: Between 1 and 255
      • Attribute Type: Personal
  4. Next, map the attributes: navigate back to the Profile of the ASA app, then click Mappings > Okta User to <ASA app>.
  5. Copy and paste the expression below into each of the fields givenName, familyName, and formatted:
    user.getInternalProperty('id')
  6. Copy the expression below into the email field (this is a fake email value, but the domain can be changed):
    user.getInternalProperty('id') + "@domain.com"
  7. Copy the expression below and paste it into the unixUserName field:
    "u" + user.getInternalProperty('id')
  8. Next, push a test group to the ASA app and then assign that group to the app. Make sure the group has at least one member:
    1. Navigate to the ASA app > Push Groups > Find group by name, select the group, and click Save.
    2. Next, click the Assignments tab > Groups > Assign to Group, select the group that was created earlier, and assign it.
    3. Log in to the ASA dashboard and validate that provisioned users are not showing any personal information.
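
The validation in the last step can also be scripted. The Python below is an added example, not Okta's or ASA's own code: it audits a SCIM user resource against the mappings configured above and flags any value that still carries a name from the Okta profile. The resource shape (SCIM 2.0 core fields plus the ScaleFT extension namespace, with the application username arriving as userName), the function names, and the sample user are assumptions constructed for illustration.

```python
import re

ASA_NS = "urn:scim:schemas:scaleft:user:1.0"  # unixUserName namespace from the page

def strings_in(node, path=""):
    """Yield (path, value) for every string in a nested SCIM resource."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from strings_in(val, f"{path}/{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from strings_in(val, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def pii_tokens(profile):
    """Lowercase name parts from the Okta profile; e-mail domains are ignored."""
    parts = (re.split(r"[^a-z0-9]+", v.lower().split("@")[0]) for v in profile.values())
    return {tok for chunk in parts for tok in chunk if len(tok) >= 3}

def audit(okta_id, profile, scim_user):
    """Return findings; an empty list means the resource matches the mappings."""
    actual = dict(strings_in(scim_user))
    tokens = pii_tokens(profile)
    findings = [f"{path}: leaks {sorted(t for t in tokens if t in val.lower())}"
                for path, val in actual.items()
                if any(t in val.lower() for t in tokens)]
    expected = {"/userName": okta_id, "/name/givenName": okta_id,
                "/name/familyName": okta_id, "/name/formatted": okta_id,
                f"/{ASA_NS}/unixUserName": "u" + okta_id}
    for path, want in expected.items():
        if actual.get(path) != want:
            findings.append(f"{path}: expected {want!r}, got {actual.get(path)!r}")
    if not actual.get("/emails[0]/value", "").startswith(okta_id + "@"):
        findings.append("/emails[0]/value: local part is not the Okta ID")
    return findings

# Constructed sample data (not from a real tenant).
OKTA_ID = "00u1a2b3c4d5e6f7g8h9"
PROFILE = {"firstName": "Maria", "lastName": "Okafor",
           "login": "maria.okafor@example.com"}
GOOD = {"userName": OKTA_ID,
        "name": {"givenName": OKTA_ID, "familyName": OKTA_ID, "formatted": OKTA_ID},
        "emails": [{"value": OKTA_ID + "@domain.com", "primary": True}],
        ASA_NS: {"unixUserName": "u" + OKTA_ID}}
# Same user, but 'formatted' was left carrying the real full name.
LEAKY = {**GOOD, "name": {**GOOD["name"], "formatted": "Maria Okafor"}}

if __name__ == "__main__":
    for label, resource in (("good", GOOD), ("leaky", LEAKY)):
        print(label, audit(OKTA_ID, PROFILE, resource) or "no personal data found")
```

Short name tokens can collide with characters inside an Okta ID, so review any "leaks" finding on an ID-only field before treating it as a mapping error.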