FabianS.37671 (Customer) asked a question.
Identity providers: Why is there a reverse profile mapping?
When I add an Identity Provider, a profile with attribute mappings is created. I can edit the latter from /admin/access/identity-providers -> Configure -> Edit profile and mappings -> Mappings. In that editor, I can see two groups of mappings: a) from the identity provider appuser to the Okta user and b) from the Okta user to the identity provider appuser.
I understand the first mapping is used when a user is JIT-created in Okta when someone logs in using the identity provider (and probably also on subsequent logins if the identity provider is a profile master).
What is the second mapping used for?
Hello Fabian,
There may be instances where you want to pull in information in to Okta, such as from an HR system. There may also be instances where you want to push information, such as provisioning an email account. Identity Providers provide different types of information and the mappings will help insure that all systems have the information they need, in the fields they're needed in, formatted in the way they should. This works in multiple directions. Let me know if this helps!
Tim
Okta, Inc.
Hi Tim,
Thanks for the answer. Have you got an example (link) for how I'd perform a use case in Okta that uses the reverse mapping of an Identity Provider (i.e., from Okta user to appuser)?
Regards,
Fabian