Add custom attributes to apps, directories, and identity providers
You can only add attributes to the directory profile if they're already in the directory, so Okta performs a schema discovery to populate the list of available attributes. For Okta to discover the attribute, it must be added to an object within the user object hierarchy in the directory: a user object, a parent object, or an auxiliary object.
Empty user attribute fields are processed as "" or as an empty string and saved as "" in the profile. User profiles with empty strings are returned when using search=(profile.<propertyName> pr) because they contain a value and not NULL. To set the attribute as NULL, you need to use the Okta API. See Okta Developer documentation.
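The distinction matters when a pr search is used to decide which users actually hold an attribute, for example during an access review. The Python sketch below is an added example, not Okta's code: it models the pr behaviour described above on constructed profiles and builds the JSON body for setting the attribute to NULL. The costCenter attribute, the sample users, and the {"profile": {attr: null}} body shape are assumptions; confirm the request format in the Okta Developer documentation.

```python
import json

# Constructed sample data: user records shaped like a user listing result.
# The attribute name "costCenter" is hypothetical.
SAMPLE_USERS = [
    {"id": "u1", "profile": {"login": "a@example.com", "costCenter": "CC-100"}},
    {"id": "u2", "profile": {"login": "b@example.com", "costCenter": ""}},
    {"id": "u3", "profile": {"login": "c@example.com", "costCenter": None}},
    {"id": "u4", "profile": {"login": "d@example.com"}},
]


def matches_pr(profile, attr):
    """Model of `profile.<attr> pr` as described above:
    an empty string counts as a value, NULL (or a missing key) does not."""
    return profile.get(attr) is not None


def find_empty_string_matches(users, attr):
    """IDs of users a `pr` search returns only because the attribute is ""."""
    return [
        u["id"]
        for u in users
        if matches_pr(u["profile"], attr) and u["profile"][attr] == ""
    ]


def null_update_body(attr):
    """JSON body that sets the attribute to NULL.
    Assumption: a partial profile update accepts {"profile": {attr: null}}."""
    return json.dumps({"profile": {attr: None}})


def plan_cleanup(users, attr):
    """Map each affected user ID to the request body that would clear the value."""
    return {uid: null_update_body(attr) for uid in find_empty_string_matches(users, attr)}


if __name__ == "__main__":
    for uid, body in plan_cleanup(SAMPLE_USERS, "costCenter").items():
        print(uid, body)
```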
Schema discovery takes a few seconds to complete. When it's done, the list of attributes appears. These are the attributes that Okta has permission to discover in the directory.
- In the Admin Console, go to .
- In the Filters list, select Apps, Directories, or Identity Providers.
- Click the profile name for the app, directory, or Identity Provider (IdP) that you want to modify.
- Click Add Attribute.
- Complete these fields:
  - Data type: Select one of these data types:
    - string: A chain of zero or more Unicode characters (letters, digits, or punctuation marks).
    - number: A floating-point decimal in Java 64-bit Double format. See Platform Specification.
    - boolean: True, false, or null data values.
    - integer: Whole numbers in Java 64-bit Long format.
    - string array: A sequential collection of strings.
    - number array: A sequential collection of numbers.
    - integer array: A sequential collection of integers.
    - country code: A code representing the country of origin for the user.
    - language code: A code representing the user language.
    - linked object: A code representing the user relationship to another attribute.
  - Display name: A human-readable label that appears in the UI.
  - Variable name: The name of the attribute that can be referenced in mappings.
  - External name: The name of the attribute in the IdP assertion or profile API, such as a SAML attribute name. A warning appears if the external name is missing. If it's missing, do one of the following actions:
    - Delete the External name attribute from the Admin Console and then add it again. See Delete custom app, directory, and identity provider attributes. After you've deleted the attribute, follow this procedure again to add it.
    - Update or add the External name attribute in the API. See Update the App User Profile Schema for an App in Okta Developer Documentation. Add the externalName parameter and its name in this format: "externalName": "appUserName". If externalName exists, add the name to the parameter.
  - Description: The description of the attribute.
- Optional. Complete the following fields:
  - Enum: Select this checkbox to define an enumerated list of values. This option supports all data types except boolean.
  - Attribute members: Enter the Display name and Values. For example, small, medium, and large.
  - Restriction: Select Value must be unique for each user to require that the attribute is unique for every user.
  - Attribute length: Select a length parameter from the dropdown list, and then enter the minimum and maximum values.
  - Attribute required: Select this checkbox to indicate that the attribute is required.
  - User permission: Select a user permission level. Make any attributes used in application usernames read-only or hidden.
- Click Save or Save and Add Another to add another custom attribute.