
DiegoD.48833 (Customer) asked a question.
Hello, community.
We are setting up an inbound federation to Okta using a custom OIDC connector.
For this specific scenario, the user's unique ID is the cellphone number and not e-mail. Due to this, there are cases where the user does not have an email. When this happens, the IdP is not sending the e-mail attribute value to Okta and the authentication is failing with an error 400: mandatory attribute not present: email.
We tried an expression in the mapping to use the phoneNumber when e-mail is not present, but it does not work either.
One possible solution would be to change the IdP username to use the phone number, but the only value present is idp.email, which will come empty.
Does anyone have a similar scenario where the external IdP would not have the user's e-mail? Any ideas how to solve this issue?
Thanks

Hello @DiegoD.48833 (Customer), thank you for posting on our Community page!
The problem here is that the email attribute is a mandatory attribute in Okta; without this the user will not be able to log in. In this case, you will need to change the email attribute mapping to add a fake email when no email is present in the inbound federation.
You will need to navigate to Directory -> Profile Editor -> select the IdP in question -> Mappings -> "IdP in question to Okta User" tab, and in the email attribute box you can use something similar to this:
source.email != null ? source.email : source.mobilePhone + "@domain.com"
Thank you for reaching out to our Community and have a great day!
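
An added example, not part of either post and not Okta's own code: a Python pre-check that mirrors the fallback mapping over an export of IdP claims, so that users with neither attribute, and users who would end up sharing one generated address, are found before the mapping goes live. The claim names `sub`, `email` and `mobilePhone`, the `example.invalid` domain and the sample records are assumptions; treating an empty email like a missing one and reducing the phone number to digits go beyond the expression in the answer.

```python
import re

# Placeholder domain (assumption); the answer's expression uses "@domain.com".
FALLBACK_DOMAIN = "example.invalid"


def mapped_email(claims, domain=FALLBACK_DOMAIN):
    """Mirror the fallback mapping: the real email if present, else phone@domain.

    Returns None when neither attribute is usable, i.e. the login would still
    be rejected for a missing mandatory email.
    """
    email = (claims.get("email") or "").strip()
    if email:  # missing, null, "" and whitespace-only are all treated as absent
        return email
    # Keep digits only so "+55 11 91234-5678" yields a valid local part.
    digits = re.sub(r"\D", "", claims.get("mobilePhone") or "")
    return f"{digits}@{domain}" if digits else None


def audit(users, domain=FALLBACK_DOMAIN):
    """Return (users the mapping cannot serve, addresses shared by several users)."""
    seen, unmappable = {}, []
    for user in users:
        email = mapped_email(user, domain)
        if email is None:
            unmappable.append(user["sub"])
        else:
            seen.setdefault(email, []).append(user["sub"])
    collisions = {e: subs for e, subs in seen.items() if len(subs) > 1}
    return unmappable, collisions


# Constructed sample claims (not real users).
SAMPLE = [
    {"sub": "u1", "email": "ana@example.org", "mobilePhone": "+55 11 91234-5678"},
    {"sub": "u2", "email": "", "mobilePhone": "+55 11 91234-5678"},
    {"sub": "u3", "mobilePhone": "5511912345678"},
    {"sub": "u4", "email": None, "mobilePhone": None},
]

if __name__ == "__main__":
    unmappable, collisions = audit(SAMPLE)
    print("unmappable:", unmappable)
    print("collisions:", collisions)
```

A non-empty collision list means two IdP subjects would map to the same Okta email, which is worth resolving at the IdP before relying on the generated address for matching or account recovery.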