Using Custom Attributes with LDAP
For Universal Directory, LDAP is just another application. That is, LDAP has its own unique App User Profile within Okta. You can view user profiles for directories in Directory > Profile Editor.
Profile Editor gives admins complete control over the LDAP app profile for a user. Admins can add and remove attributes from the profile, customize attribute mappings, and perform data transformations within the inbound or outbound flows.
- In the Okta Admin Console, click Directory > Profile Editor.
- Select Directories in the Filters list.
- Click Profile in the Actions column for the directory you want to update.
- Click Add Attribute.
- In the Pick Schema Attributes dialog, select the attributes you want to add.
- Click Save.
- Optional. To delete a custom attribute, locate it in the Attributes list and then click X.
You can only add attributes to the LDAP profile if they are already in the LDAP directory, so Okta first does a schema discovery step to populate the attribute picker. For Okta to discover the attribute, it must be added to an object within the User object hierarchy. That is, the attribute has to be added to either the user object, a parent object, or an auxiliary object in order to be discovered during this process.
Executing schema discovery takes a few seconds. When it finishes, you are provided with a list of the attributes that Okta is permitted to discover in LDAP.
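
The hierarchy rule above can be checked against the directory schema before opening the attribute picker. The following is an added example, not Okta's code or its discovery implementation: it parses constructed `objectClasses` values in RFC 4512 syntax and lists the attributes reachable from a user object class, its parent classes, and named auxiliary classes. The classes `acmePerson` and `acmeBadge`, their OIDs, the shortened attribute lists, and all function names are assumptions.

```python
import re

# Constructed sample: objectClasses values in the RFC 4512 syntax an LDAP server
# publishes in its subschema entry. Attribute lists are shortened; acme* is hypothetical.
SAMPLE_OBJECT_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid $ employeeNumber ) )",
    "( 1.3.6.1.4.1.99999.1.1 NAME 'acmePerson' SUP top AUXILIARY MAY ( acmeCostCenter ) )",
    "( 1.3.6.1.4.1.99999.1.2 NAME 'acmeBadge' SUP top STRUCTURAL MUST ( acmeBadgeId ) )",
]

def _names(field):
    """Split "( a $ b )" or a single name into a list, with quotes stripped."""
    return [n.strip("'") for n in field.strip("() ").replace("$", " ").split()]

def parse_object_class(definition):
    """Return (name, kind, superior classes, attributes) for one objectClasses value."""
    name = re.search(r"NAME\s+(\(\s*[^)]*\)|'[^']*')", definition)
    def field(keyword):
        m = re.search(rf"\b{keyword}\s+(\([^)]*\)|[^\s()]+)", definition)
        return _names(m.group(1)) if m else []
    kind = next((k for k in ("ABSTRACT", "AUXILIARY") if re.search(rf"\b{k}\b", definition)), "STRUCTURAL")
    return _names(name.group(1))[0], kind, field("SUP"), field("MUST") + field("MAY")

def discoverable_attributes(definitions, user_class, aux_classes=()):
    """Map each attribute on user_class, its parents, or the auxiliary classes to its class."""
    schema = {n.lower(): (kind, sup, attrs) for n, kind, sup, attrs in map(parse_object_class, definitions)}
    for aux in aux_classes:
        if schema.get(aux.lower(), ("",))[0] != "AUXILIARY":
            raise ValueError(f"{aux} is not a known AUXILIARY class")
    found, seen, todo = {}, set(), [user_class, *aux_classes]
    while todo:
        cls = todo.pop().lower()
        if cls in seen or cls not in schema:
            continue
        seen.add(cls)
        _, sup, attrs = schema[cls]
        for a in attrs:
            found.setdefault(a.lower(), cls)  # LDAP names are case-insensitive
        todo.extend(sup)                      # walk up to the parent classes
    return found

if __name__ == "__main__":
    attrs = discoverable_attributes(SAMPLE_OBJECT_CLASSES, "inetOrgPerson", ["acmePerson"])
    for attr in ("acmeCostCenter", "acmeBadgeId"):
        print(attr, "->", attrs.get(attr.lower(), "not in the user object hierarchy"))
```

In the sample, `acmeBadgeId` is defined in the schema but only on an unrelated structural class, which is the case where a custom attribute exists in LDAP yet falls outside the user object hierarchy.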