David Genenz (Customer) asked a question.
Hi everyone,
I tried to find an answer but didn't find anything that directly answers my question. There's probably something out there but I'm not able to locate it.
So, we have Workday integrated with Okta and I'd like to pass some of my Workday attributes into a SAML enabled application (employee learning center).
So attempting to add them in my employee learning center application under attributes statements using a variety of values such as workday.Supervisory_OrganizationID or $workday.$Supervisory_OrganizationID or {workday.Supervisory_OrganizationID} or pretty much anything else only ended up literally passing that exact text. So I'd get .workday.Supervisory_OrganizationID rather than the employees Supervisory org ID...
I ended up going into profile editor for employee learning center, adding attribute, mapping the workday attribute, workday.Supervisory_OrganizationID, to the new custom attribute then in the saml attribute statements I would use appuser.Supervisory_OrganizationID. This actually seems to be working for me but seems like a lot of extra steps.
Is there a way in the saml attribute statements to use expressions directly to pull attributes from another Okta application directly rather than having to create them per application in profile editor/mappings?
If this is the correct way, maybe it will help someone else going through this.
Thanks,
David
Hi David,
The "workaround" you have found is actually what we would suggest when trying to approach a situation like this.
It is much better for the Okta User Profile to be a proxy in this flow, given that a future change in profile mastery could break the SAML application.
I hope this answers your question.
Have a great day!
Thank you,
Bogdan Popescu