<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5WR0000118d8Y0AQOkta Classic EngineLifecycle ManagementAnswered2025-12-01T17:24:15.000Z2025-11-28T19:33:45.000Z2025-12-01T17:24:15.000Z

MylesH.35657 (Customer) asked a question.

November 28, 2025 at 7:33 PM
Mapping attribute for SCIM provisioning using an Expression

I have an application (Rocketlane) that supports SCIM provisioning. In my downstream application, I have roles for employees, and contractors. There are different roles for different geographies. For example: "Contractor India", and "Contractor EMEA".

 

When I assign a user to the SCIM application, it allows to me specify a role value at the time. However, I'm planning only group assignments.

I want to use an expression to set the Role value dynamically. When I go to Mappings, and click on the "Roles" attribute It allows me to select "Expression' as the attribute value. I want the value to be based on their title or membership in a specific group. Is this possible?

 

The closest I've come is this, but it returns NULL when I test with a member of that group.

isMemberOfGroup("00g16dd5my1vQIgBS1t8") ? ["Contractors"] : [""]

/help/servlet/rtaImage?refid=0EMWR00000LNGET

/help/servlet/rtaImage?refid=0EMWR00000LNIBR

  • 3 answers
  • 111 views

  • Mihai N. (Okta, Inc.)

    Hi @MylesH.35657 (Customer)​ , Thank you for reaching out to the Okta Community! 

     

    This should work, but you might need to adjust the syntax a bit. Try the following:

     

    isMemberOfGroup("00g16dd5my1vQIgBS1t8") ? "Contractors" : null

     

    If you have the title attribute populated on the user's Okta profile for example with "non-FTE" or whatever value you have in your org, you can leverage the following:

     

    user.title == "non-FTE" ? "Contractors" : null

     

    You should be able to extend the syntaxes to work with multiple values. For example:

     

    isMemberOfGroup("00g16dd5my1vQIgBS1t8") ? "Contractors" : isMemberOfGroup("otherGrouoID") ? "otherRoleValue" : null

     

     

    user.title == "non-FTE" ? "Contractors" : user.title == "FTE" ? "Full-time Employee" : null

     

    More details about Okta Expression Language here.

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Collect them all. Learn a new skill and earn a new Okta Learning badge.

    Just released: More Okta Community badges just added

    Expand Post

  • MylesH.35657 (Customer)

    Hi @Mihai N. (Okta, Inc.)​ - I appreciate your assistance here.

     

    Unfortunately nothing I've tried seems to work. As a test, I tried comparing user.firstName values, but it always evaluates to NULL. This should have returned Employee, but it didn't even return Contractor.

     

    As an aside, my downstream application expects a String Array, which is why included [ ] around my values.

     

    image

    Expand Post

Loading
Mapping attribute for SCIM provisioning using an Expression