<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
OIE Upgrade Blocker for Required Non-Writable Attributes
Dec 11, 2025
Okta Identity Engine
Administration
Overview

The article addresses a warning displayed during the Okta Identity Engine (OIE) upgrade process. The following warning is shown: 

OIE_UPGRADE_REQUIRED_NON_WRITABLE_ATTRIBUTES_WARN

Self-Service Registration Non writable attributes (read only, hidden, or sensitive) have been detected.

Writing to Non-Writable attributes is not supported in Okta Identity Engine.  These attributes will be removed from the created profile enrollment policy as part of the upgrade; thus will no longer be populated by the user during registration.  If you do not know which attributes are impacted, contact support. 

The warning indicates that the current (Okta Classic) Self-Service Registration policy configuration includes non-writable attributes such as Directory or Inbound Federation. If no action is taken, these attributes will be removed from the newly created profile enrollment policy and will not populate the user profile after the upgrade. 

Applies To
  • Okta Identity Engine Upgrade
  • OIE_UPGRADE_REQUIRED_NON_WRITABLE_ATTRIBUTES_WARN
Cause

The problem occurs because non-writable attributes (such as Directory or In Bound Federation) are included in the Classic Self-Service Registration policy configuration. Writing to non-writable attributes is not supported in Okta Identity Engine (OIE). These attributes will be removed from the created profile enrollment policy as part of the upgrade.

Solution

Resolve the upgrade blocker by either converting the attribute to allow "read-write" user access or by implementing an alternative method.

If the attribute must remain "read-only," implement the following alternative method:

  1. Create a new attribute with "Read/Write" user access.

  2. Replace the current attribute in the Self-Service Registration policy.

  3. Create a Registration/Event hook that copies the new "read/write" attribute value to the original "read-only" attribute.

NOTE: The alternative method for achieving the ability to use a "read-only" attribute in Self-Service Registration requires the usage of an inline Registration Hook and/or Account Creation event hook, which can be configured in Okta Workflows.

Recommended content

Still looking for help?
Loading
OIE Upgrade Blocker for Required Non-Writable Attributes