Okta Administrators Can Modify Read-Only Custom Attributes
Overview
This article clarifies why Okta admins can modify read-only custom attributes, including modifying them through Okta API calls.
Applies To
- Universal Directory
- Lifecycle Management
- Custom Attribute
- Administrator Roles and Permissions
- Okta API Call
- Okta Classic Engine
- Okta Identity Engine (OIE)
Solution
Okta admins who have the appropriate user management permissions can modify read-only custom attributes. The same is possible through the API, as long as the associated API token can perform Okta user management functions. The API token inherits the permissions of the admin who creates it.
The Read Only setting is intended specifically for what Okta end users see in their profile in the Okta End-User Dashboard. To view a Read Only custom attribute, go to Okta End-User Dashboard > Settings and click Edit beside Personal Information.
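The check below is an added example, not part of the Okta article: it reads a user schema document and lists custom attributes that are read-only for the end user yet remain writable by admins and API tokens. The sample schema is constructed and its attribute names are hypothetical; the field layout (`definitions.custom.properties`, `permissions` entries for principal `SELF`, `mutability`) is assumed to match the response of the Schemas API (`/api/v1/meta/schemas/user/default`).

```python
import json

# Constructed sample, trimmed to the fields used here. Attribute names are hypothetical.
SAMPLE_SCHEMA = json.loads("""
{"definitions": {"custom": {"properties": {
  "costCenter":     {"type": "string", "mutability": "READ_WRITE",
                     "permissions": [{"principal": "SELF", "action": "READ_ONLY"}]},
  "clearanceLevel": {"type": "string", "mutability": "READ_WRITE",
                     "permissions": [{"principal": "SELF", "action": "READ_ONLY"}]},
  "favoriteColor":  {"type": "string", "mutability": "READ_WRITE",
                     "permissions": [{"principal": "SELF", "action": "READ_WRITE"}]},
  "legacyFlag":     {"type": "string", "mutability": "READ_WRITE"}
}}}}
""")


def custom_properties(schema):
    """Return the custom attribute definitions, or {} if the section is absent."""
    return schema.get("definitions", {}).get("custom", {}).get("properties", {})


def self_action(prop):
    """Action granted to the SELF principal (the end user), or None if not stated."""
    for perm in prop.get("permissions", []):
        if perm.get("principal") == "SELF":
            return perm.get("action")
    return None


def end_user_view(schema):
    """Map each custom attribute to what the end user may do with it."""
    return {name: self_action(p) for name, p in custom_properties(schema).items()}


def read_only_but_admin_editable(schema):
    """Attributes the end user cannot edit whose value is still mutable,
    so an admin or API token with user management permissions can change them."""
    return sorted(
        name for name, p in custom_properties(schema).items()
        if self_action(p) == "READ_ONLY" and p.get("mutability") == "READ_WRITE"
    )


if __name__ == "__main__":
    for name in read_only_but_admin_editable(SAMPLE_SCHEMA):
        print(f"{name}: read-only for SELF only; admin and API writes are not blocked")
```

Any attribute this reports should not be treated as tamper-proof by downstream systems, since its protection applies to the end user's own profile edits only.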
NOTE: Assign each admin only the Administrator role they need, in line with the principle of least privilege. This helps prevent mistakes by admins and improves overall Okta security.
