- System for Cross-domain Identity Management (SCIM)
- Security Assertion Markup Language (SAML)
- Provisioning
- Mappings
- Okta Classic Engine
- Okta Identity Engine (OIE)
Requirements:
- An Okta tenant.
- A SAML app integration or a SCIM app integration.
Before starting:
Updating an attribute from Okta to an application can be done only after activating Provisioning with Update user attributes set to enabled:
Create the Okta attribute:
- Navigate to Directory > Profile Editor on the Okta Admin Console.
- Locate the User (default) profile and click on it.
- Click the button.
- On the form, enter the required information (Display name, Variable name, and Description are mandatory fields).
- Click Save, refresh the page, search for the newly created attribute in the list, and copy the variable name.
NOTE: This can be applied to any of the application profiles in the app list, with the caveat that on SCIM-enabled apps without schema discovery, the External name and External namespace of the attribute should be obtained from the application vendor.
A. Mapping via the SAML Assertion.
Mapping on a Custom SAML application:
- Navigate to the General tab and click Edit in the SAML Settings.
- Click Next to skip editing the name and icon, and scroll until the Attribute Statements section is found.
- Enter the variable name of the attribute from the application side (please refer to application support for the exact variable name and Name Format).
- In the Value field, the attribute created earlier on the Okta User profile can be referenced by prefixing its variable name with user. (for example, if the variable name of the Okta attribute is employee, it can be referenced by using the user.employee expression).
  NOTE: appuser.attributevariable (for example, appuser.employee) can be used if it is defined on the application profile and given a value on user assignment.
- Once the data is entered, click Next and then Finish on the following window. The assertion will now contain the attribute.
Mapping on an Okta Integration Network (OIN) App:
- Navigate to the Sign On tab.
- Click Edit on the settings page.
- Expand the Attributes (Optional) dropdown menu.
- Enter the variable name of the attribute from the application side (please refer to application support for the exact variable name and Name Format).
- In the Value field, the attribute created earlier on the Okta User profile can be referenced by prefixing its variable name with user. (for example, if the variable name of the Okta attribute is employee, it can be referenced by using the user.employee expression).
- Scroll down and click Save. The assertion will now contain the attribute.
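To confirm that a mapping from section A reaches the application in the expected form, the decoded assertion from a test sign-in can be inspected. The following Python check is an added example, not Okta's code; the sample assertion, its attribute names and values, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample: a decoded assertion reduced to its AttributeStatement.
# "employee" is the application-side name entered in the attribute statement;
# "department" stands for a mapping whose Okta profile value is empty.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="employee" NameFormat="{UNSPECIFIED}">
      <saml:AttributeValue>E-1042</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department" NameFormat="{BASIC}">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_attributes(assertion_xml):
    """Return {Name: (NameFormat, [values])} for each attribute in the assertion."""
    # Inspection aid only: this does not validate the assertion's signature.
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = (attr.get("NameFormat"), values)
    return found


def check_mapping(assertion_xml, name, name_format):
    """Say whether the attribute arrives as the application expects it."""
    attrs = read_attributes(assertion_xml)
    if name not in attrs:
        return "missing"            # statement not saved, or name typed differently
    fmt, values = attrs[name]
    if fmt != name_format:
        return "name-format-mismatch"
    if not any(values):
        return "empty-value"        # user.<attribute> has no value for this user
    return "ok"
```

Run it against an assertion captured for a test user only; the service provider's own signature validation remains the authority on whether an assertion is accepted.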
B. Mapping via SCIM without schema Discovery.
To map an attribute via SCIM without schema discovery, it must first be defined on the application profile. This can be done by:
- Navigate to Directory > Profile Editor and search for the app name.
- Click the name of the app so the attributes can be edited.
- Click on the button and fill out the required fields (Display Name, Variable Name, External name, External namespace, and Description).
  NOTE: The External name and External namespace of the attribute should be obtained from the application vendor, as they are specific to every application, and without them, a connection to the application attribute cannot be made.
- Click Save.
To map the attribute:
- Navigate to Directory > Profile Editor and search for the app name.
- Click the Mappings button.
- In the opened window, click on the Okta User to Application button.
- To map the Okta attribute, either type the user.Okta_attribute_variable_name expression for the attribute that was created (for example, user.newOktaatribute) or select it from the dropdown menu.
- By default, the attribute applies only to create. This can be changed by clicking on the button and selecting Apply mapping on create and update from the dropdown menu.
- Click on Save Mappings and Apply updates now. This will trigger a provisioning job, and the attribute will be sent to the application for all the users.
C. Mapping via SCIM with schema Discovery
To map an attribute via SCIM with schema discovery, it must be defined first on the application profile. This can be done by:
- Navigate to Directory > Profile Editor and search for the app name.
- Click the name of the app so the attributes can be edited.
- Click on the button.
- Click on the button, and the attribute will appear in the list.
- Select the checkbox next to the attribute and click Save. Now, the attribute is ready for mapping.
To map the attribute:
- Navigate to Directory > Profile Editor and search for the app name.
- Click the Mappings button.
- In the opened window, click on the Okta User to Application button.
- To map the Okta attribute, either type the user.Okta_attribute_variable_name expression for the attribute that was created (for example, user.newOktaatribute) or select it from the dropdown menu.
- By default, the attribute applies only to create. This can be changed by clicking on the button and selecting Apply mapping on create and update from the dropdown menu.
- Click on Save Mappings and Apply updates now. This will trigger a provisioning job, and the attribute will be sent to the application for all the users.
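After the provisioning job in section B or C, the user record on the application side can be checked for the mapped attribute. The following Python sketch is an added example, not Okta's code. It assumes the application follows the standard SCIM 2.0 resource layout (RFC 7643), that the External namespace is the schema URN and the External name is the attribute name inside it, and that dotted names address sub-attributes; the sample user and function names are constructed.

```python
CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed sample: a user resource as read back from the application's
# SCIM endpoint once the provisioning job has finished.
SAMPLE_USER = {
    "schemas": [CORE, ENTERPRISE],
    "userName": "jdoe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    ENTERPRISE: {"employeeNumber": "E-1042"},
}


def resolve(resource, external_namespace, external_name):
    """Locate an attribute by External namespace + External name.

    Core attributes sit at the top level of the resource; extension
    attributes sit under a key equal to their schema URN.
    Returns (status, value).
    """
    if external_namespace not in resource.get("schemas", []):
        return ("schema-not-declared", None)
    node = resource if external_namespace == CORE else resource.get(external_namespace)
    for part in external_name.split("."):
        if not isinstance(node, dict) or part not in node:
            return ("attribute-missing", None)
        node = node[part]
    return ("ok", node)


def audit(resource, mappings):
    """Status of every (External namespace, External name) pair that was mapped."""
    return {(ns, name): resolve(resource, ns, name)[0] for ns, name in mappings}
```

A "schema-not-declared" result points at a wrong External namespace, while "attribute-missing" points at a wrong External name or a mapping that was left on create only for an existing user.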
