Match imported user attributes

When you import users, you can create Okta rules to match any attribute that is currently mapped from an AppUser profile to an Okta user profile. Attribute matching helps you sync identities from multiple applications and determine whether an imported user is new or if the user profile already exists in Okta. For example:

  • When a user is imported from Workday, you can match that user to existing user profiles based on their user name, email address, or first and last name.
  • To set up a regularly scheduled import from Workday, you can match the Employee's EmployeeID.
  • To consolidate multiple Active Directory (AD) domains, you can link the AD Domains to a single Okta user with an attribute that's populated across all AD domains (they match on the SAM Account Name).
  1. In the Admin Console, click Applications Applications.
  2. Enter the name of the app in the Search field and select the app link.
  3. Click the Provisioning tab and select To Okta in the Settings list.
  4. Click Edit in the User Creation & Matching area, select The following attribute matches, and select the attribute. Matches are case sensitive.
  5. Click Save.
  6. Click the Import tab, select Import Now, and click OK when the import finishes.

    7. The imported users that matched the attribute that you selected are listed. If there is no match, a new user is created. If there is a match, then the user is linked to an existing user profile in Okta.

    Okta treats these as exact matches. You can configure auto-confirmation and auto-activation if a match is found. To check if an attribute is missing from the list of matching attributes, go to Directory Profile Editor and make sure that the attribute is mapped.