Modify attributes with expressions

Expressions within mappings let you modify attributes before they are stored in Okta or sent to apps.

Expressions allow you to concatenate attributes, manipulate strings, convert data types, and more. Okta supports a subset of the Spring Expression Language (SpEL) functions. For a comprehensive list of the supported functions, see Okta Expression Language. All functions work in UD mappings.

While some functions (namely string) work in other areas of the product (SAML 2.0 Template attributes and custom username formats for example), not all do.

Expressions are useful for maintaining data integrity and formats across apps. For example, you might want to use an email prefix as an username, bulk replace an email suffix, or populate attributes based on a combination of existing ones (for example, displayName=lastName,firstName).

  1. In the Admin Console, go to DirectoryProfile Editor.
  2. Optional. Select Okta, Apps, Directories, or Identity Providers in the Filters list to filter the list of apps.
  3. Click Mappings for the application, directory, or identity provider and select Configure User mappings if a list appears.
  4. Select one of the following tabs in the User Profile Mappings dialog box:
    • App to Okta User: Select this tab to modify attributes from the app to Okta. The app contains the source attributes and Okta is the target.
    • Okta User to App: Select this tab to modify attributes from Okta to the app. Okta contains the source attributes and the app is the target.
  5. Enter an expression in the Choose an attribute or enter an expression field.
  6. Preface the variable name(s) with the corresponding object or profile:

a. source refers to the object on the left:

  • Can be used in either Okta to App or App to Okta mappings.
  • Example: source.firstName

b. user refers to the Okta user profile:

  • Can only be used in the Okta to App mapping.
  • Example: user.firstName

c. appUser (implicit reference) refers to the in-context app (not Okta user profile):

  • Can only be used in the App to Okta mapping.
  • Example: appUser.firstName

d. appUserName (explicit reference) refers to a specific app by name:

  • Can be used in either Okta to App or App to Okta mappings.
  • Is used to reference an app outside the mappings.
  • Example:google.nameGivenName
  • If multiple instances of an app are configured, additional app user profiles that follow the first instance are appended with an underscore and a random string.
  • Example:google, google_<random string 1>, google_<random string 2>
  1. To find instance and variable names use the profile editor:

a. In the Admin Console, go to DirectoryProfile Editor.

b. Select Profile for the app, directory, or IdP and note the instance and variable name.

  1. Click Save Mappings and Apply updates now.

Attributes are not updated or reapplied when the user's group membership changes.