Can Group Push Mapping API Be Used to Add Additional AD Attributes
Overview

This article discusses whether it is possible to add or update additional attributes to Active Directory (AD) using the Group Push Mapping API (to update a group email address, for example).

Applies To
  • Group Push Mapping API
  • Group Push
  • Active Directory
  • Okta Identity Engine (OIE)
Solution

No. The Group Push Mapping API focuses on synchronizing group memberships, not on managing the broader AD group attributes.

 

The Group Push Mapping API is designed to execute the existing Group Push functions as a way of synchronizing user membership. Group Push pushes existing Okta groups and their memberships to provisioning-enabled third-party apps. Active Directory supports Group Linking, which allows linking existing AD groups to Okta groups. However, pushed groups are managed from Okta.

 

Okta does supply APIs to interact with Groups in Active Directory Integrations, but these are limited in scope to Group Members.

 
