When integrating Microsoft Entra ID as an Identity Provider (IdP) with Okta as a Service Provider (SP), the following error may appear in the Okta System Log:
FAILURE: Unknown Profile Attribute
- Microsoft Entra ID
- Identity Provider (IdP)
- Service Provider (SP)
- Single Sign-On (SSO)
The mappings from Entra ID user attributes to Okta attributes are incorrectly configured.
The external name of each attribute sent from Entra ID must match the external name of an attribute in the Okta IdP profile. Otherwise, Okta will not recognize the attribute.
- Access the Okta Admin Console.
- Navigate to Reports > System Log and enter the following filter in the search box to find the Unknown Profile Attribute error in the Okta System Logs:
eventType eq "user.authentication.auth_via_IDP" and outcome.result eq "FAILURE" and outcome.reason eq "Unknown Profile Attribute"
- Expand the Event > System > DebugData > AttributeNames entry in the Okta System Log to see the external name sent by Entra ID.
- Navigate to Security > Identity Providers and click Edit Profile and Mappings for the desired IdP.
- Compare the external name sent by Entra ID, as shown in the Okta System Log, against the tables below to see which variable name it corresponds to. In this example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname matches with firstName.
- Click on the pencil for the row with the firstName Variable Name to verify the external name configuration.
In this example, the external name is configured as firstName, which does not match the external name sent from Entra ID and shown in the Okta System Log.
- To correct this, delete the attribute from the IdP profile and re-create it with the appropriate external name.
NOTE: The attribute will need to be set to Do not map under Mappings before it will be allowed to be deleted.
Attributes Required by Okta
| Variable Name | External Name |
|---|---|
| | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| firstName | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| lastName | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
Optional attributes
| Variable Name | External Name |
|---|---|
| tenantid | http://schemas.microsoft.com/identity/claims/tenantid |
| objectidentifier | http://schemas.microsoft.com/identity/claims/objectidentifier |
| identityprovider | http://schemas.microsoft.com/identity/claims/identityprovider |
| authnmethodsreferences | http://schemas.microsoft.com/claims/authnmethodsreferences |
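
The comparison step above can be scripted when several attributes need checking at once. This is an added example, not Okta's own tooling: the external names come from the tables on this page, while the `audit` function, its input shapes and the sample data are assumptions made for illustration.

```python
# Added example: table values are from this page; names and sample inputs are constructed.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS = "http://schemas.microsoft.com/"

# External name -> Okta variable name, per the tables on this page.
# The emailaddress row on the page has no variable name, so it maps to None.
EXPECTED = {
    CLAIMS + "emailaddress": None,
    CLAIMS + "givenname": "firstName",
    CLAIMS + "surname": "lastName",
    MS + "identity/claims/tenantid": "tenantid",
    MS + "identity/claims/objectidentifier": "objectidentifier",
    MS + "identity/claims/identityprovider": "identityprovider",
    MS + "claims/authnmethodsreferences": "authnmethodsreferences",
}


def audit(sent_names, idp_profile):
    """Report external names sent by Entra ID that no profile attribute declares.

    sent_names: external names copied from the AttributeNames entry.
    idp_profile: {variable name: configured external name}, as shown under
    Edit Profile and Mappings (hypothetical input shape).
    """
    configured = set(idp_profile.values())
    findings = []
    for name in (n.strip() for n in sent_names):
        if name in configured:
            continue  # an attribute with this external name exists
        variable = EXPECTED.get(name)  # None if not listed in the tables
        findings.append({
            "sent": name,
            "variable": variable,
            "configured": idp_profile.get(variable),  # current value, if any
        })
    return findings


# Constructed sample reproducing the page's case: firstName was created
# with the external name "firstName" instead of the givenname claim URI.
SENT = [CLAIMS + "givenname", CLAIMS + "surname"]
PROFILE = {"firstName": "firstName", "lastName": CLAIMS + "surname"}

if __name__ == "__main__":
    for f in audit(SENT, PROFILE):
        print(f"{f['sent']}: expected on {f['variable']}, "
              f"profile has {f['configured']!r}")
```

Each finding names the attribute to delete and re-create with the external name shown in `sent`.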
