
PeteF.17931 (Customer) asked a question.
I currently have Okta integrated with AD, with Okta as the source of truth. I have an application that is doing LDAP lookups to AD and requires RFC2307 mappings be in place, specifically uidNumber and primaryGroupID. Both are integer type fields. I've tried using the user.getInternalProperty("id") value for the uid, but this has non-numeric characters in it and can't be converted to an integer. Is there a way to generate these integer values for all users in Okta so that they can be mapped to AD?

@PeteF.17931 (Customer) - Based on the example in the RFC it doesn't have a minimum length and doesn't appear to be a random example:
uidNumber: 10
gidNumber: 10
This corresponds the UNIX system password file entry:
lester:X5/DBrWPOQQaI:10:10:Lester:/home/lester:/bin/sh
So what you are attempting to do is definitely possible but it is going to require you to either leverage something like Okta Workflows or build your own script.
You could either assign a random integer to a new profile property on all existing users then going forward make that part of your onboarding process. If the number is potentially large enough the odds of duplicates are low but you should build handling for when a duplicate occurs.
OR
You could increment an integer value on all users. You could leverage the EVERYONE group to determine the current number of users via the Groups API and (expand=stats) to grab the usersCount property value and increment it each time a new user is created.
"_embedded": {
"stats": {
"usersCount": 824,
In either instance, this is going to be custom for the population of the value.
The second part of this is just built-in which is profile mapping from Okta --> AD of the existing attribute to a mapped one in AD which would push the values.
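
The allocation step from the answer above, sketched as an added example that is not part of the original thread or any Okta code. It assumes user records shaped like Okta's `profile` object with a custom attribute named `uidNumber` (a hypothetical name), and its incrementing variant counts up from the highest value in use rather than from `usersCount`, because a count drops when an account is deleted and would then hand out a number that is already taken.

```python
import secrets

UID_FLOOR = 10000        # assumption: keep clear of low UIDs used by local system accounts
UID_CEILING = 2**31 - 1  # assumption: target attribute holds a signed 32-bit integer

def used_uids(users):
    """Collect uidNumber values already set; fail loudly if two users share one."""
    owners = {}
    for user in users:
        login, uid = user["profile"]["login"], user["profile"].get("uidNumber")
        if uid is None:
            continue
        if uid in owners:
            raise ValueError(f"uidNumber {uid} shared by {owners[uid]} and {login}")
        owners[uid] = login
    return set(owners)

def assign_incrementing(users):
    """Incrementing option: next value above the highest in use, so a value
    freed by a deleted account is never reissued to someone else."""
    next_uid = max(used_uids(users) | {UID_FLOOR - 1}) + 1
    for user in users:
        if user["profile"].get("uidNumber") is None:
            user["profile"]["uidNumber"] = next_uid
            next_uid += 1
    return users

def assign_random(users, pick=None):
    """Random option: draw a value per user and redraw while it is already taken."""
    pick = pick or (lambda: UID_FLOOR + secrets.randbelow(UID_CEILING - UID_FLOOR + 1))
    taken = used_uids(users)
    for user in users:
        if user["profile"].get("uidNumber") is None:
            uid = pick()
            while uid in taken:  # duplicate handling
                uid = pick()
            taken.add(uid)
            user["profile"]["uidNumber"] = uid
    return users

def sample_users():
    """Constructed sample: 10001 belonged to a deleted account, dave is new."""
    return [
        {"profile": {"login": "alice@example.com", "uidNumber": 10002}},
        {"profile": {"login": "bob@example.com", "uidNumber": 10003}},
        {"profile": {"login": "dave@example.com"}},
    ]
```

With the sample data a count-based value (floor plus two existing users) would land on 10002, which alice already holds; `assign_incrementing` gives dave 10004 instead.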