One of the built-in features for OIN applications that support Provisioning is the Update User Attributes feature. This feature updates user attributes from the Okta user profile downstream in the application.
In some cases, group type attributes are available by default for applications with provisioning enabled, but Okta does not always send the updated group assignments if the attributes are already mapped or set to individual.
- Group Type Attributes
- User Lifecycle Management (LCM)
- Provisioning
- Okta Classic Engine
- Okta Identity Engine (OIE)
The group type attribute is set to be mapped when the attribute does not exist, or information is missing/misconfigured on the Okta user profile:
Or a set value is added for all of the users affected by this attribute:
Below are two methods to unmap the group type attribute:
From the Application:
-
In the Okta Admin Console, navigate to Applications > Applications > Affected application(s) > Provisioning > To App.
-
Scroll to the attribute in question.
-
Click on the X button on the right side to unmap the attribute.
From the Profile Editor:
-
In the Okta Admin Console, navigate to Directory > Profile Editor > Affected application profile > Mappings > Okta User to Application Name.
-
Scroll down to the affected attribute.
-
Click the middle section where the green/yellow arrow is located, and a dropdown will appear, select Do not map and then click Save Mappings.
-
Click Apply Updates now.
After the above steps are completed, in the flow of doing a group assignment to the application, the change will be as follows:
- Below is an example of an attribute that supports both individual and group type assignments:
- Below is an example of the new group assignment view:
