<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y00006G6R9kSAFOkta Classic EngineUniversal DirectoryAnswered2024-04-16T11:15:24.000Z2019-05-16T14:40:58.000Z2019-06-11T15:06:40.000Z

MartinL.63093 (Customer) asked a question.

May 16, 2019 at 2:40 PM
Write OKTA User ID to Active Directory

Hi,

we are currently in a planning and designing face to integrate OKTA as an automation Tool for User Lifecycle Management and make it The Main Hub between SAP and NON SAP World.

Therefore we search an Attribute that can be published into different kind of Applications and used as unique ID.

As OKTA is creating a unique ID with User creation there was the Idea to simply Use this.

 

The Question is: Can i simply write this ID with expression language or anything else into an AD attribute? Or is it possible to Write the ID into a custom User Profile Attribute?

 

Best

Martin

  • 4 answers
  • 1.25K views

  • feok4 (feok4)

    You should be able to use the profile editor in UD to accomplish this. Are you looking to create the AD accounts? If so, then Okta would be acting as a master. Is that your intention?

    Selected as Best

  • feok4 (feok4)

    You should be able to use the profile editor in UD to accomplish this. Are you looking to create the AD accounts? If so, then Okta would be acting as a master. Is that your intention?

    Selected as Best

  • MartinL.63093 (Customer)

    Currently AD is the Master, but this will change as OKTA will be the way to provision AD Accounts.

    But in any way, i am not able to use the OKTA ID in Attribute Mapping. Therefore the question is:

    Is it possible to write the OKTA ID into a User Profile Attribute? or in an AD Attribute with inside the mapping.

  • tomas.popescu1.5193135132722603E12 (Vendor Management)

    My name is Tomas and I'll be assisting you with this question.

    We can create a custom attribute user.id and get the id of the users using api. But unfortunately we will need to leverage the CSV import and add the user.id inside the CSV so we can add the attribute for users in bulk not edit every single user individually. We can use the following article to get the api for the list users: https://developer.okta.com/docs/api/resources/users/  /api/v1/users/${userId} https://help.okta.com/en/prod/Content/Topics/Directory/eu-csv-import.htm.

    If you you have any further more in depth question please do not hesitate to open a support ticket so we ca assist you further on.

    Expand Post

  • AdminS.06085 (Customer)

    Hi Tomas,

     

    many thanks for your reply and sorry for my late response. i was on a short term leave and just saw your message here.

    Yeah, i think unfortunately the API is the only option as i am not able to call the OKTA ID inside the user profile. so i need to Write the current ID into a custom attribute - but this in future when OKTA is the Master (this will be automated for all new users in future)

     

    This all is for preparing the switch of Master to OKTA, but we need before the OKTA ID inside the AD, so we need an export of all OKTA IDs inside a CSV (best including with an SAM Accountname or a USer Principal Name) to update the AD and push back the OKTA ID in a custom Attribute.

     

    Are we able to export a list of all OKTA Users with AD, SAM Account Name into CSV, with the API in an easy way :D? (Ive read over some threads and getting the limitation of 200 users etc etc etc) just asking.

     

    best

    martin

     

     

     

    Expand Post
This question is closed.
Loading
Write OKTA User ID to Active Directory