I am testing some AD integration for a customer POC. I am pulling users from my Test AD into Okta (which will eventually be mastered in Okta Universal directory).

The initial import will integrate all attributes into the Okta Identity to be mastered in Universal Directory. Any subsequent new identities will be created in Universal Directory and pushed to AD therefore I'd ideally like to map the manager email back to Active Directory, but I’m stuck at the first hurdle!

NOTE: Only the one Active Directory is integrated!

What I am trying to achieve is the mapping of AD Manager attribute from a user to Okta (see Okta attribute mapping expressions below):

Okta Attribute: ManagerID

AD > Okta expression: 'getManagerUser("active_directory").email' or 'getManagerAppUser("active_directory", "active_directory").email'

Expected Result: manager.email@domain.com

Actual Result: <BLANK>

Comment: The expression preview test displays as expected but does not pull the information into the attribute on user import.

Okta Attribute: Manager

substringAfter(substringBefore(appuser.managerDn, ',OU'), 'CN=')

Expected Result: Firstname Lastname

Actual Result: Firstname Lastname

Comment: Works as expected