<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009nBS7nCAGOkta Classic EngineDirectoriesAnswered2023-11-20T17:06:26.000Z2023-11-15T01:40:38.000Z2023-11-20T17:06:26.000Z

AdriaanP.30238 (Customer) asked a question.

November 15, 2023 at 1:40 AM
Update profile attribute on external Idp login

Would it be possible that when a user logs in using an external IDP, that information from the IDP is used to update Okta user profiles?

 

We have a current situation where we are using and external OIDC IDP and would like to populate a profile attribute from the external IDP's userinfo end point. This works when a new profile is created (JIT), but would like existing profiles to be updated when users log in (this information can also change during the lifetime of the account in the external IDP).

 

 

  • 3 answers
  • 1K views

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @AdriaanP.30238 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    If you have configured the IDP to be a Profile Source, you should have the option to select "Update attributes for existing users" under the configuration page (Okta Admin dashboard → Security → Identity Providers → <impacted IDP name> → Actions → Configure ). 

    That being said, I recommend testing in preview if possible or at least double checking all profile information for the preexisting users that would be sourced in the external IDP before enabling the override.

    Pasted 

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    What you missed: new product releases and other announcements

    Expand Post
    Selected as Best

  • Mihai Negoita - Okta (Okta, Inc.)

    Hi @AdriaanP.30238 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    If you have configured the IDP to be a Profile Source, you should have the option to select "Update attributes for existing users" under the configuration page (Okta Admin dashboard → Security → Identity Providers → <impacted IDP name> → Actions → Configure ). 

    That being said, I recommend testing in preview if possible or at least double checking all profile information for the preexisting users that would be sourced in the external IDP before enabling the override.

    Pasted 

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    What you missed: new product releases and other announcements

    Expand Post
    Selected as Best

  • AdriaanP.30238 (Customer)

    Hi Mihai,

     

    Regarding configuring the IDP as a Profile source, I couldn't find any options for that. I do see the 'Update attributes for existing users' setting under Identity Provider. Is that what you meant?

     

    Also, for setting Profile sources per attribute in the Profile editor to use Okta, it seems possible only in the Identity Engine, not the Classic Engine. Is this expected, or do we need to enable IDP as a profile source for the option to appear in the Classic Engine?

     

    Thanks,

    Adriaan

    Expand Post

    • Mihai Negoita - Okta (Okta, Inc.)

      Hi @AdriaanP.30238 (Customer)​ Once you select the 'Update attributes for existing users' option under the IDP configuration and go back to the page listing all your IDPs, it should show a checkmark under the “Profile source” column. (see example below)

      Pasted 

      As for your other question, assuming I understood correctly and you are looking to override Okta attributes via attribute level sourcing (mastering), you would have to have other Profile Sources enabled for the option to be made available in the dropdown. 

      If you do have other Profile Sources enabled but the feature is not available to you (assuming you have proper Admin permissions) you might need to have it enabled by Okta Support via a ticket. 

      The feature is not restricted to OIE and as far as I know it is not restricted by SKU either. For the latter you might want to check with your Okta Account Executive as well.  

       

       

       

      Regards.

      --------------------------------

      What you missed: new product releases and other announcements

      Expand Post
This question is closed.
Loading
Update profile attribute on external Idp login