AlexanderW.38331 (Customer) asked a question.
When ingesting a security group from a source of truth, I don’t see an option in Okta to map the group’s "mail" attribute.
Our use case is to ensure that the designated email address from a source of truth (eg. AD) is preserved when we push the group to downstream applications. Currently, only attributes like Name, Description, DepartmentID, endUserDisplayName, and endUserDisplayDescription appear to carry over. When initiating a group push, Okta seems to default to using the group name and appending @yourdomain.com.
For example, if we have a group named FTE_Employees with an email alias of fte_e@domainname.com, we want that exact alias to carry over when pushing the group to destinations like Azure AD or Google Workspace. Instead, it gets converted to FTE_Employees@yourdomain.com.
Is there a way to preserve or map the original mail attribute during group ingestion and push?
Hi @AlexanderW.38331 (Customer) , Thank you for reaching out to the Okta Community!
This is not currently supported. Something similar is being discussed in this article.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
This month's AMA topic: Okta Device Access. Ask away today.