Add proxyAddresses from Okta to AD without overwriting existing ones

User17055991943374153411 (Customer)

2 years ago

Hi Laura,

The first link does not answer the question I have, which is specific to overwriting the proxyAddress field, not importing users from AD generally.

The second link explains how to do it with PowerShell without overwriting existing proxyAddresses, which I am aware how to do, but does not explain how to do it with Okta, which is what I am asking.

I did find a workaround, but it's cumbersome and I would be interested in a better option.

Imported the proxyAddress attribute to Okta from AD
Created two Okta User array attributes:
- proxyAddresses (mastered by Okta)
  - Mapped this attribute to control the proxyAddress AD attribute
- proxyAddressesFromAd (mastered by AD)
  - Mapped the AD proxyAddresses attribute to control this attribute
Created an Okta Workflow which actions whenever the Update User Profile For Okta event is triggered
- Continues if the field changed is proxyAddressesFromAd
- Sets the proxyAddresses field equal to the proxyAddressesFromAd field

This allows adding a proxyAddress to either the proxyAddresses attribute in Okta, or directly to the proxyAddresses attribute in AD, and both a) having the data in Okta and b) not inadvertently overwriting the data in AD. If someone goes to add a proxyAddress via Okta, all the existing proxyAddresses are already filled out in the array, so they'd have to consciously delete one to remove it. And if they did, that change would be reflected in both Okta and AD as expected. It works, it's just a bit clunky due to having two proxyAddress-related fields in Okta, only one of which is writeable within Okta, and needing a Workflow to keep one of them up to date.

Expand Post

User16594883467582706479 (Customer Support Online Experience)
2 years ago
Hi, @User17055991943374153411 (Customer)

Thank you for posting on our Community page!

Here is a previously answered question on the topic,
https://support.okta.com/help/s/question/0D54z00006sT4LECA0/will-an-ad-import-overwrite-existing-users?language=en_US

And an interesting article
https://devblogs.microsoft.com/scripting/how-can-i-add-an-email-address-to-the-proxyaddresses-attribute/

Thank you for reaching out to our Community and have a great day!

--
Join the discussion for the Ask Me Anything online event on May 23, 2024 with Okta Tactical Edge Product Experts
Expand Post
User17055991943374153411 (Customer)
2 years ago
Hi Laura,

The first link does not answer the question I have, which is specific to overwriting the proxyAddress field, not importing users from AD generally.

The second link explains how to do it with PowerShell without overwriting existing proxyAddresses, which I am aware how to do, but does not explain how to do it with Okta, which is what I am asking.

I did find a workaround, but it's cumbersome and I would be interested in a better option.

Imported the proxyAddress attribute to Okta from AD
Created two Okta User array attributes:
proxyAddresses (mastered by Okta)
Mapped this attribute to control the proxyAddress AD attribute
proxyAddressesFromAd (mastered by AD)
Mapped the AD proxyAddresses attribute to control this attribute
Created an Okta Workflow which actions whenever the Update User Profile For Okta event is triggered
Continues if the field changed is proxyAddressesFromAd
Sets the proxyAddresses field equal to the proxyAddressesFromAd field

This allows adding a proxyAddress to either the proxyAddresses attribute in Okta, or directly to the proxyAddresses attribute in AD, and both a) having the data in Okta and b) not inadvertently overwriting the data in AD. If someone goes to add a proxyAddress via Okta, all the existing proxyAddresses are already filled out in the array, so they'd have to consciously delete one to remove it. And if they did, that change would be reflected in both Okta and AD as expected. It works, it's just a bit clunky due to having two proxyAddress-related fields in Okta, only one of which is writeable within Okta, and needing a Workflow to keep one of them up to date.
Expand Post

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies