Okta offers a ready-made template, Microsoft IdP, for configuring Microsoft as an external social IdP. This template, however, uses a fixed schema for user attributes and cannot import or update custom attributes from Entra ID into Okta.
- Microsoft social login
- OIDC social login
Microsoft IdP template cannot be used to import custom user attributes from Entra ID.
- Instead of using the Microsoft Social IdP template, create a custom OpenID Connect IdP. Please see this link for more details.
- Endpoints are available from this address: https://login.microsoftonline.com/{Entra Tenant ID}/v2.0/.well-known/openid-configuration
- Leave the Userinfo endpoint field blank so that Okta reads the claims from the ID token instead.
- Follow the same instructions to set up the Microsoft Social IdP as detailed here, then go to Applications > App registrations > {App} and set acceptMappedClaims to "true".
- Set up claims from Applications > Enterprise Applications > {App} > Single sign-on.
- Configure attribute mappings in Okta and confirm that the user attributes are updated on social login.
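As an added troubleshooting aid (not code from Okta or Microsoft), the snippet below builds the discovery URL for a tenant, maps the discovery fields onto the custom OIDC IdP form with Userinfo left blank, and checks a captured ID token for the issuer, audience and the custom claims that Okta's attribute mappings expect. The tenant ID, client ID, discovery document and claim names are constructed sample values, and the token decoding is for inspection only, without signature verification.

```python
import base64
import json

MS_LOGIN = "https://login.microsoftonline.com"

def discovery_url(tenant_id):
    """Discovery document listing the tenant's v2.0 endpoints and issuer."""
    return f"{MS_LOGIN}/{tenant_id}/v2.0/.well-known/openid-configuration"

def okta_idp_endpoints(discovery_doc):
    """Map discovery fields onto Okta's custom OIDC IdP form; Userinfo stays empty."""
    return {
        "Issuer": discovery_doc["issuer"],
        "Authorization endpoint": discovery_doc["authorization_endpoint"],
        "Token endpoint": discovery_doc["token_endpoint"],
        "JWKS endpoint": discovery_doc["jwks_uri"],
        "Userinfo endpoint": "",  # blank so Okta reads claims from the ID token
    }

def jwt_payload(token):
    """Decode a JWT payload for inspection only; signature is NOT verified here."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def check_id_token(payload, tenant_id, client_id, custom_claims):
    """List reasons Okta attribute mapping would not see the expected data."""
    problems = []
    if payload.get("iss") != f"{MS_LOGIN}/{tenant_id}/v2.0":
        problems.append("iss does not match the Entra tenant")
    if payload.get("aud") != client_id:
        problems.append("aud is not the app registration's client ID")
    for name in custom_claims:
        if name not in payload:
            problems.append(f"claim '{name}' missing: check acceptMappedClaims and SSO claims")
    return problems

# Constructed sample values: hypothetical tenant, client ID and claim names.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_DISCOVERY = {
    "issuer": f"{MS_LOGIN}/{SAMPLE_TENANT}/v2.0",
    "authorization_endpoint": f"{MS_LOGIN}/{SAMPLE_TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"{MS_LOGIN}/{SAMPLE_TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"{MS_LOGIN}/{SAMPLE_TENANT}/discovery/v2.0/keys",
}

def sample_token(claims):
    """Build an unsigned, constructed JWT so the checks run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```

A custom claim that shows up in the access token but not in the ID token will not reach Okta, because with Userinfo blank only the ID token is read.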
