
MichaelB.71007 (Customer) asked a question.
We're looking to implement self-service password resets and will have Gmail federated by Okta, so if someone is unable to log into their computer, they will be unable to receive an email from Okta to proceed with the password reset. Our compliance team has confirmed SMS and Voice Calls are out of the question, so we can't use that route. I am hopeful that I can map each employee's manager's email address as their secondary email in their profile so that, in the event they need to reset their password, they can select the primary or secondary email depending on how accessible their email account is.
I've found a few different threads that suggest using "getManagerUser("active_directory").email", but whenever I attempt to map this from our Active Directory to the Okta user profile I am met with "error in evaluating express". If I adjust the "active_directory" string to specify the AD source I am building this mapping from, then I simply get "null".
I am hopeful someone will be able to shed some light, as I just seem to be spinning my wheels trying to push forward with this.
Thanks!

When multiple Active Directories are integrated with Okta and the user exists in more than one integration with the same username, using the getManagerUser("active_directory") expression in the first directory integration mappings will display the following error: "Error in evaluating expression".
Be sure to pass the correct App name for the managerSource, assistantSource, and attributeSource parameters.
At this time, active_directory is the only supported value for managerSource and assistantSource.
Calling the getManagerUser("active_directory") function doesn't trigger a user profile update after the manager is changed.
If you are still having issues implementing this mapping, you can open a support ticket.