How to Map orgUnitPath for AD to G-suite

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:30 AM

My understanding is that the reference based attributes for the G Suite (orgUnitPath) that you see in the profile editor are not something you can custom map.

So you may consider group based mapping, for e.g

1. Create the groups in AD for all the OUs that you want to map in G Suite.

2. Go to G Suite Application in Okta

3. Click on Assignment Tab --> Assign by Group

4. Here you'll do static mapping, for example marketing group in AD should be mapped to Marketing OU in G Suite

5. Define the proirity of your group assignments to ensure user moves in AD should correctly reflect in G Suite.

Though you can also do static AD OU to G Suite OU mapping, but above group based mapping will give you more flexibility as the whole reason of creating OU in G Suite is to apply different permisssions/access to services.

Static AD OU to G Suite OU, showing you one OU (ABC) mapping, you can more the same way-:

1. Create a Group named ABC in Okta --> and populate it with the group rule which says "any user whom DN includes the string OU=ABC,dc=ad,dc=goldyarora,dc=com --> put that user in this ABC.

2. Then I have G Suite application assigned to this group which says "If user is a part of this ABC group --> then assign him G Suite and put him in "ABC" OU.

Expand Post

GoldyA.44053 (Customer)
Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:30 AM
My understanding is that the reference based attributes for the G Suite (orgUnitPath) that you see in the profile editor are not something you can custom map.

So you may consider group based mapping, for e.g
1. Create the groups in AD for all the OUs that you want to map in G Suite.
2. Go to G Suite Application in Okta
3. Click on Assignment Tab --> Assign by Group
4. Here you'll do static mapping, for example marketing group in AD should be mapped to Marketing OU in G Suite
5. Define the proirity of your group assignments to ensure user moves in AD should correctly reflect in G Suite.

Though you can also do static AD OU to G Suite OU mapping, but above group based mapping will give you more flexibility as the whole reason of creating OU in G Suite is to apply different permisssions/access to services.

Static AD OU to G Suite OU, showing you one OU (ABC) mapping, you can more the same way-:
1. Create a Group named ABC in Okta --> and populate it with the group rule which says "any user whom DN includes the string OU=ABC,dc=ad,dc=goldyarora,dc=com --> put that user in this ABC.
2. Then I have G Suite application assigned to this group which says "If user is a part of this ABC group --> then assign him G Suite and put him in "ABC" OU.
Expand Post
costel.curca1.4665496479388772E12 (Okta, Inc.)
Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:30 AM
Hi Sean, My name is Costel from Okta support.
If your comapny's requirement is to have the Org unit from AD mapped to G Suite, as Goldy mentioned that is possible.
You can do it from the profile editor but an expression must be used to strip out extra information.
We have this OU path in AD
EX: domain.local/OU/
You can use "/" + String.substringAfter("/") as an expression to strip out the domain and add / at the beginning. This will give you a clean value EX: /OU which can be then pushed to G Suite. If you need more infroamtion please reply on the ticket that you ahve opened with Okta support.
Expand Post

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies