OVERVIEW
The initial stages of identity management implementation within a company often see the IT department taking the lead in establishing group naming conventions. While they may devise official guidelines, adherence tends to wane as the organization evolves. This erosion of protocol frequently results in a disorganized and inconsistent naming landscape. This is a critical issue, as group names may be necessary for downstream applications, meaning inconsistencies can have far-reaching negative impacts.
There is a spectrum of naming approaches, from descriptive and detailed labels to concise and potentially ambiguous ones. This variability is compounded by inconsistent use of descriptions, leading to instances where groups have clarifying details while others lack them entirely. The situation invariably worsens as the company grows, with mergers, acquisitions, and internal expansions adding layers of complexity. The sheer volume of groups can become unwieldy, making it difficult to maintain order. Without ongoing, rigorous enforcement and auditing of naming standards, a state of disarray typically emerges, hindering efficiency and creating potential security vulnerabilities.
APPLIES TO
- Okta Identity Governance (OIG)
- Access Requests and Access Certifications
- Okta Groups
ASSUMPTIONS
- You are licensed for Okta Identity Governance and leveraging Okta groups for assigning users to resources and/or certifying that access.
- You already understand how to create Okta Workflows, since this is not a guide to all the steps necessary to build fully productized workflows.
- Your Okta workflows have the proper scopes to manage groups within Okta.
GROUP FRIENDLY NAME AND DESCRIPTION
Introducing what we call Group Friendly Names and Descriptions, also officially known as End User Display Name and End User Display Description. Groups now offer customizable profile attributes, enabling you to rename them from IT-focused labels to those more suited to end users like requesters, approvers, and reviewers. You can easily modify these attributes in the UI via the pre-built "Update Group" Workflow card or the Replace Group API endpoint.
UPDATING
In the UI
As an Administrator, log into your Okta console and select Directory / Groups in the Admin menu. In the "Search by group name" section supply the group name and locate the group to update. Locate the Profile sub-menu and click Edit to modify and then save values to complete.
Using Workflows Card
To modify a group within Okta Workflows, begin by logging into your Okta console as a Workflow Administrator and accessing Okta Workflows. Initiate a new flow, then select the "Add App Action" option. Choose the Okta Icon and subsequently select the pre-built "Update Group" card. Use this in your flow to update the group or groups in question using Workflows.
Using Workflows without the card
Updating Group Names and Descriptions in Okta Workflows without using the out-of-the-box card
To modify group attributes, particularly the `endUserDisplayName` and `endUserDisplayDescription`, follow these steps in Okta Workflows:
Initiate a New Flow: Log into your Okta console, access Okta Workflows, and create a fresh flow. Add two Compose cards and an Okta Custom API Action card.
Set API Endpoint: In the first Compose card, input the relative API endpoint: `/api/v1/groups/{group id}`. Replace the {group id} with the actual Group Id or pass it from another card.
Define JSON Body: In the second Compose card, enter the JSON body format as shown in the Okta API documentation. Add the `endUserDisplayName` and `endUserDisplayDescription` attributes manually since they are not included in the example listed below.
Example JSON Payload (Initial):
Include New Attributes: Incorporate the `endUserDisplayName` and `endUserDisplayDescription` variables into the JSON payload.
NOTE: This example payload uses the group used throughout this example.
Updated JSON Payload:
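The two Compose-card values from the steps above, sketched in Python as an added example (not Okta's code and not the payload shown in the original article). It also reports which groups still lack friendly values. Placing both attributes under `profile` is an assumption based on the article calling them profile attributes, and the group ids, names and the id pattern are constructed.

```python
import json
import re

FRIENDLY = ("endUserDisplayName", "endUserDisplayDescription")
GROUP_ID = re.compile(r"[A-Za-z0-9]+")  # assumption: ids are plain alphanumerics

# Constructed sample shaped like group objects from the Groups API; all values are made up.
SAMPLE_GROUPS = [
    {"id": "00gEXAMPLE0000000001",
     "profile": {"name": "APP-SFDC-PRD-RW", "description": "SFDC prod rw"}},
    {"id": "00gEXAMPLE0000000002",
     "profile": {"name": "APP-GH-ENG", "description": "GitHub eng",
                 "endUserDisplayName": "GitHub Engineering"}},
]


def missing_friendly_fields(groups):
    """Map group id -> friendly attributes that are absent or blank."""
    report = {}
    for group in groups:
        profile = group.get("profile", {})
        gaps = [k for k in FRIENDLY if not str(profile.get(k) or "").strip()]
        if gaps:
            report[group["id"]] = gaps
    return report


def build_replace_request(group, display_name, display_description):
    """Return (relative_url, json_body), one value per Compose card."""
    group_id = group["id"]
    # Reject ids that could change the request path when passed in from another card.
    if not GROUP_ID.fullmatch(group_id):
        raise ValueError(f"unexpected group id: {group_id!r}")
    if not display_name.strip():
        raise ValueError("display name must not be blank")
    # Start from the current profile so the existing name and description
    # are sent back unchanged rather than dropped by the replace.
    profile = dict(group["profile"])
    profile["endUserDisplayName"] = display_name.strip()
    profile["endUserDisplayDescription"] = display_description.strip()
    return f"/api/v1/groups/{group_id}", json.dumps({"profile": profile}, indent=2)


if __name__ == "__main__":
    print(missing_friendly_fields(SAMPLE_GROUPS))
    url, body = build_replace_request(
        SAMPLE_GROUPS[0], "Salesforce (Production)", "Read/write access to production Salesforce.")
    print("PUT", url)
    print(body)
```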
UPDATED GROUP NAME AND DESCRIPTION
Once updated, these friendly names will be reflected when viewing the group in the UI.
ACCESS REQUEST BEFORE AND AFTER
Before
After
ACCESS CERTIFICATION SETUP
In order to see these business-friendly names within the Access Certification review, an Okta Administrator must select these values in the main campaign settings.
Edit the Contextual information section.
Select the Resource Information section.
Select the checkbox to enable both new variables as shown in the image below.
Enabling name and description in Access Certifications as the reviewer.
Once reviewers log into the Okta Access Certifications application on their dashboard, they should open any assigned campaign. Instruct them accordingly.
To view the friendly name and description, reviewers have two options. First, upon selecting a review, a window will open on the right displaying context such as user information and resources, where the friendly names will be visible. Alternatively, to see these values on the main review page, reviewers can customize the view. This is done by clicking the three vertical dots (kebab icon) and selecting "Customize view".
NOTE: This must be done by the reviewer and cannot be done from an Administrator perspective.
When configuring the review screen, you can choose to display the new name and/or description fields. Alternatively, these details can be accessed by clicking on each individual review item. Note that the real group name remains visible under the resource within the campaign.
NOTE: It is NOT recommended to add description if those values are lengthy.
Summary
This article discusses the importance of using group-friendly names and descriptions in Okta Identity Governance and Okta Groups. It highlights how IT-centric group naming conventions can become disorganized over time, leading to confusion and potential security risks.
The article introduces the concept of "Group Friendly Names and Descriptions" (also known as "End User Display Name" and "End User Display Description"), which allow administrators to rename groups with more user-friendly labels. It provides instructions on how to update these attributes through the Okta UI, using the "Update Group" Workflow card or via the Okta API.
Additionally, the document covers how these friendly names are reflected in the UI, access requests, and access certification reviews. For access certifications, administrators must enable the display of these variables in the campaign settings. Reviewers can customize their view to see the friendly names and descriptions in the review screen.
The article emphasizes that consistent and clear naming practices enhance efficiency and security in identity management.
Related References
- Scope it Like it’s Hot: Mastering Requester Scope in Okta RCAR
