Using Custom Attributes for OIDC Org2Org Username in Okta
Overview

In an OpenID Connect (OIDC)-based Org2Org integration, only attributes explicitly included in the OIDC assertion from the source organization are available for use as the Identity Provider (IdP) username format. The supported attributes typically include idpuser.subjectNameId, idpuser.email, and any other attributes that are actually passed in the assertion. The attribute idpuser.login isn’t supported unless it’s explicitly included in the assertion. This article clarifies how to pass a custom attribute in an OIDC assertion to set the username in a target organization.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Org2Org integration
  • OpenID Connect (OIDC) Identity Provider (IdP)


Solution

Follow the steps below to pass a custom attribute in an OIDC assertion that can be used to set the username in a target organization:

  1. In the source org:
    1. Create a custom attribute for the User (default) Okta profile. Example: member_id.
    2. Go to Profile Editor > Apps > select the App > Mappings.
    3. Select the Okta User to App tab.
    4. Map the custom attribute to one of the app's "Base" attributes, so that it is included in the OIDC assertion.

[Screenshot: Okta User to App tab]

  2. Now switch to the target org (the org where the OIDC IdP is configured):
    1. Go to Profile Editor > Identity Providers > select the Identity Provider > Mappings.
    2. Select the IdP to Okta User tab.
    3. Map the incoming attribute to login (the Okta username).

[Screenshot: IdP to Okta User tab]

The result will look something like this:

[Screenshot: example result]
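The same two Profile Editor steps expressed against the Okta User Schema and Profile Mappings APIs, as an added example that is not part of this article. The org URLs, API token, mapping IDs, the app-side attribute name and the "appuser." prefix in the IdP-side expression are assumptions, and verify_login_mapping is a helper added here to confirm that login really is derived from the custom attribute.

```python
import json
import urllib.request

# Placeholders, not values from the article: replace with your own.
SOURCE_ORG = "https://source-org.example.okta.com"
TARGET_ORG = "https://target-org.example.okta.com"
API_TOKEN = "REPLACE_WITH_SSWS_API_TOKEN"
CUSTOM_ATTR = "member_id"  # the custom attribute the article creates in the source org


def schema_payload(attr, title):
    """Body for POST /api/v1/meta/schemas/user/default: add a custom string property."""
    prop = {"title": title, "type": "string", "required": False,
            "permissions": [{"principal": "SELF", "action": "READ_ONLY"}]}
    return {"definitions": {"custom": {"id": "#custom", "type": "object",
                                       "properties": {attr: prop}, "required": []}}}


def mapping_payload(target_attr, expression):
    """Body for POST /api/v1/mappings/{mappingId}: set one target attribute's expression."""
    return {"properties": {target_attr: {"expression": expression, "pushStatus": "PUSH"}}}


def verify_login_mapping(mapping, attr):
    """True only if the mapping derives 'login' from the custom attribute (helper added here)."""
    login = mapping.get("properties", {}).get("login", {})
    return login.get("expression", "").strip() == f"appuser.{attr}"


def okta_post(org, path, body):
    """POST JSON to an Okta org with an SSWS token and return the parsed response."""
    req = urllib.request.Request(
        org + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"SSWS {API_TOKEN}", "Accept": "application/json",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def configure(source_mapping_id, app_attr, target_mapping_id):
    """Step 1 in the source org, step 2 in the target org.

    Mapping IDs are assumed known (GET /api/v1/mappings?sourceId=...&targetId=... lists them).
    """
    # Source org: create member_id, then push user.member_id to the Org2Org app attribute.
    okta_post(SOURCE_ORG, "/api/v1/meta/schemas/user/default", schema_payload(CUSTOM_ATTR, "Member ID"))
    okta_post(SOURCE_ORG, f"/api/v1/mappings/{source_mapping_id}", mapping_payload(app_attr, f"user.{CUSTOM_ATTR}"))
    # Target org: map the incoming attribute to login. The "appuser." prefix is an assumption.
    result = okta_post(TARGET_ORG, f"/api/v1/mappings/{target_mapping_id}", mapping_payload("login", f"appuser.{CUSTOM_ATTR}"))
    return verify_login_mapping(result, CUSTOM_ATTR)
```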
