0D50Z00008G7VVYSA3 | Okta Classic Engine | Single Sign-On | Answered | 2024-06-17T07:28:37.000Z | 2018-08-07T23:01:11.000Z | 2018-08-07T23:01:11.000Z
How do I specify a username from a mapped attribute?
I have an SAML application which I am trying to pass the username from a string from an AD field, which is mapped to the Okta user attribute "MyAttribute" (also string type). How the heck do I do this? According to the "Learn more about the expressions you can use in the custom rule" link that shows when you select "custom", this would be:

${user.MyAttribute}

...but this generates an error.

I tried variations on the syntax but they all either generate an error or get interpreted as a literal string.

 

Also, how do I clear an attribute from, or delete entirely, a user's application profile for a specific application? I need to do this because once something gets interpreted as a literal string, that becomes the user's login for that app and I need to be able to tell if I ever get it to actually pull from the "MyAttribute" attribute.

  • Hello Rob,

     

    To achieve this, you need to make sure you have an attribute in AD to map it to the Okta Profile and then from Okta to App.

    Please follow this documentation regarding managing user profiles in Okta and how to map attributes using the Profile Editor:

    https://help.okta.com/en/prod/Content/Topics/Directory/Directory_Profile_Editor.htm?cshid=ext_Directory_Profile_Editor

    And AD Field Mappings to Okta:

    https://help.okta.com/en/prod/Content/Topics/Directory/Directory_AD_Field_Mappings.htm

    If this doesn't help, feel free to submit a ticket and my colleagues and I will guide you step by step.

     

    Bogdan Radu

    Technical Support Engineer

    Tier 2 Okta
  • wa6h1 (wa6h1)

    Thanks.... I had the AD attribute mapping successfully to a custom attribute in Okta, I was trying to get it to use that attribute as userName from the SAML config.

     

    I was able to figure out from another thread, the missing link was that I needed to go into profile editor and tell it to map the custom attribute to the app userName attribute. Once I did that, I just set the SAML userName to "Okta username" and it worked like a champ.

     

    That said, I still wonder if there is a limitation for what Okta attributes can be passed as userName in the SAML setup using a custom expression? It would take ${user.login} or ${user.email} just fine, but when I put ${user.managerID} (the built-in Okta field I tried to use before creating the custom attribute) or ${user.myCustomAttribute} it gave an error in red.
This question is closed.