Map the thumbnailPhoto attribute from Active Directory (AD) to Okta by adding the attribute to the directory profile, creating a corresponding attribute in the Okta user profile, and configuring the attribute mapping. This process synchronizes user profile pictures from AD directly into Okta for use in downstream applications.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Active Directory (AD)

How is the thumbnail photo attribute mapped from AD to Okta?

Add the attribute to the AD profile, create the new attribute in the Okta user profile, and configure the mapping from AD to Okta.

1. From the Okta Admin Console, navigate to Directory > Profile Editor.
2. Select Directories from the left panel, and then select the desired AD instance.

3. Select +Add Attribute.

4. Search for thumbnailPhoto, select the attribute, and select Save.
5. Navigate back to the Profile Editor, select Okta from the left panel, and select the desired Okta user profile.
6. Select +Add Attribute.
7. Configure a new Okta user profile attribute with a data type of "string" that will hold the thumbnailPhoto data, and select Save.

8. Navigate back to Directory > Profile Editor > Directories, and select the AD instance where the thumbnailPhoto attribute was initially added.
9. Select Mappings.
10. On the [AD] to Okta User tab, configure the attribute mapping from the AD thumbnailPhoto attribute to the newly created Okta user profile attribute.

11. Select Save, and then run an import from AD to populate the attribute.

NOTE: Okta generates an error when mapping a thumbnail photo from AD to Okta if the thumbnail in AD is too large. The photo must be no larger than 96 pixels by 96 pixels (100 KB).