<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Pass Multivalued Attributes in a SCIM User Object
Jun 17, 2024
Okta Classic Engine
Okta Integration Network
Overview
How to Pass Multivalued Attributes in a SCIM User Object.
 
Applies To
  • SCIM Server
  • Create user
  • Update user
  • Multivalue Attributes
  • User Attributes
Solution

SCIM specs allow to passing of multivalued attributes. For example, a user can have multiple emails. These email values can be included as a JSON array in user objects sent in create or update user requests to the SCIM server.
Below is an example of the multivalued email attribute:

"email" : [
   { 
  "primary" : true,
  "value" : "username@example.com"
  },
  {
  "type" : work,
  "value" : "username@acme.com"
  }
]

Passing multivalued attributes from Okta to the SCIM server requires creating multiple attributes in the SCIM app profile. For example, if two emails need to be passed in the array, one would need to create two attributes in the SCIM app and map two Okta email attributes to SCIM attributes. 

In the following steps, we will use the "roles" attribute as an example.

  1. In Okta, go to Directory > Profile Editor > SCIM App Profile. Create Two Attributes as follows.

    1. Click Add Attribute button. Create the first attribute named Primary Role, whose External Name is roles.^[type=='Primary'].value. 

    2. Create another attribute name Additional Role whose External Name is roles.^[type=='additional'].value

  2. Create two Okta profile attributes. We will map Okta attributes to SCIM app attributes.

    • Go to Directory ProfileEditor - Click on the Profile button next to Okta (at the top). Click the Add Attribute button and add two Okta attributes (existing attributes can be used as well).

  3. Click the Map Attribute button to map two Okta attributes to these SCIM attributes we created in the previous step. Ensure presence on the Okta to SCIM app tab.

  4. Click Save Mappings

  5. Pick a user to test it with. Go to Directory -> Profile -> Users -> User profile of choice. Ensure that two attributes are set to a value.

  6. Enable provisioning using the SCIM server in the SCIM app. Assign the test user to the SCIM app. In the create user request object, the roles object should be received in the create user request.

roles:  [
 { type: 'additional', 'value ': 'Developer Support' },
 { type: 'Primary', value: 'KCS Writer' } 
]


How it works:

The external name format is used by Okta to construct the multivalued attribute.

Very basic multivalued attribute as per SCIM spec has at least two attributes per object. One is 'type', and the second is 'value'. 'Type' identifies the kind of each 'value'. For example, Developer Support is the value of type Primary in our example.

So, the format of the external name is {} indicate variable values.

{attributeName}.^[type=='{typeName}'].value

Where attributeName is specified, the name of the multivalued attribute is being constructed. In this example, it is a role. Therefore, any other SCIM app attribute that starts with the same name will be added to that array.

Recommended content

Still looking for help?
Loading
How to Pass Multivalued Attributes in a SCIM User Object