0D51Y000088QRCXSA4 | Okta Classic Engine | Universal Directory | Answered | 2024-04-16T12:10:43.000Z | 2020-03-26T02:39:33.000Z | 2021-02-16T20:16:53.000Z

ChrisT.58230 (Customer) asked a question.

Okta user profile doesn't have dn or GUID as base attributes

In short, the distinguishedName (dn) and objectGUID (externalId) are not base attributes in the Okta profile.

We are new to Okta, so maybe I'm over-thinking this. We synced up our AD without a problem. Now we are at the "provisioning" step and see this error: "One or more required attributes are not mapped. To prevent provisioning failures, scroll down to xxx.company.com Attribute Mappings and set mappings for the attributes that are marked with a warning icon."

Scrolling down to the mappings, I see:

[Screenshot of the attribute mappings]

The field does not exist when I edit it either.

Then this page confuses me a bit more: https://help.okta.com/en/prod/Content/Topics/Directory/Directory_AD_Field_Mappings.htm

Anyone have any insight into this?!?


  • JesseJ.06409 (Customer)

    I believe the mapping here is for "an Okta user to an AD user", so unless you actually do want Okta to modify your AD users, you don't need to worry about it. If this is what you want, you can click the edit button for the field in question and choose what you would want mapped to it.

  • amhdk (amhdk)

    Hi Jesse,

    I have a similar issue, but when I click to map the objectGUID it doesn't allow me since it is set to read-only: "Target field externalId is read-only, and cannot be mapped". The question I have is: where can I modify the permission to allow this to be writeable?

  • 0cfdj (0cfdj)

    Hi Sophen, I have the same problem; it's read-only and I am not even able to assign it to anything. Have you been able to solve it?

  • PaulN.08053 (Customer)

    When viewing the SETTINGS for "To App", this means the Okta attributes that map to the external Directory (like Active Directory). You most likely are setting it up the other way around, "from AD 'To Okta'". The 2 warnings in the screenshot above are because the Okta service account created during the AD Agent install does not have permission to write these attributes in AD. You most likely would not want to write these attributes back to AD since you are configuring AD to Okta. You can ignore the warnings on "To App", and click on "To Okta" to view those mappings. There you should not see any warnings; your users should import into Okta fine and you can continue with the provisioning and next steps. This confused me as well the first time I set up AD integration, since the first thing you see after the agent install is a warning and you think you've done something wrong or the configuration didn't work as expected. You have not, and it worked correctly.

This question is closed.