Using Custom Attributes with LDAP
For Universal Directory, LDAP is just another application. That is, LDAP has its own unique App User Profile within Okta. You can view user profiles for directories in Directory > Profile Editor.
Profile Editor gives admins complete control over the LDAP app profile for a user. Admins can add and remove attributes from the profile, customize attribute mappings, and perform data transformations within the inbound or outbound flows.
- Navigate to Directory > Profile Editor.
- Click Profile in the Actions column for the directory you want to update.
- Click Add Attribute.
- In the Pick Schema Attributes window, select the attributes you want to add.
- To remove a custom attribute, find it in the Profile window and then click X to delete it.
You can only add attributes to the LDAP profile if they are already in the LDAP directory, so Okta first does a schema discovery step to populate the attribute picker. For Okta to discover the attribute, it must be added to an object within the User object hierarchy. That is, the attribute has to be added to either the user object, a parent object, or an auxiliary object in order to be discovered during this process.
Executing schema discovery takes a few seconds. When it finishes, you are provided with a list of the attributes that Okta is permitted to discover in LDAP.
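A pre-check an admin can run against the directory's own schema before looking for an attribute in the picker, as an added example (not Okta's discovery code): it walks RFC 4512 `objectClasses` definitions and lists the attributes that sit on a user object class, its parents, or named auxiliary classes. The sample definitions are constructed and abridged; `exampleBadgeHolder`, `exampleDevice`, `badgeNumber` and `assetTag` are hypothetical names.

```python
import re

# Constructed, abridged sample: objectClasses values in RFC 4512 syntax, as an
# LDAP server publishes them in its subschema entry. The 99999 OIDs are made up.
SAMPLE_OBJECT_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( telephoneNumber $ description ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid ) )",
    "( 1.3.6.1.4.1.99999.1 NAME 'exampleBadgeHolder' SUP top AUXILIARY MAY ( badgeNumber ) )",
    "( 1.3.6.1.4.1.99999.2 NAME 'exampleDevice' SUP top STRUCTURAL MAY ( assetTag ) )",
]

def _names(definition, keyword):
    """Return the names after KEYWORD: a single name or a '( a $ b )' list."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([^\s()]+))" % keyword, definition)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [n.strip("'") for n in re.split(r"[$\s]+", raw) if n]

def parse_schema(definitions):
    """Map each lower-cased class name to its parents, kind and MUST/MAY attributes."""
    classes = {}
    for d in definitions:
        kind = next((k for k in ("ABSTRACT", "AUXILIARY")
                     if re.search(r"\b%s\b" % k, d)), "STRUCTURAL")
        entry = {"sup": _names(d, "SUP"), "kind": kind,
                 "attrs": set(_names(d, "MUST")) | set(_names(d, "MAY"))}
        for n in _names(d, "NAME"):
            classes[n.lower()] = entry
    return classes

def discoverable_attributes(classes, user_class, auxiliary=()):
    """Attributes on user_class, its parent classes, and the listed auxiliary classes."""
    for aux in auxiliary:
        if classes.get(aux.lower(), {}).get("kind") != "AUXILIARY":
            raise ValueError("%s is not an auxiliary object class" % aux)
    attrs, seen, todo = set(), set(), [user_class, *auxiliary]
    while todo:
        name = todo.pop().lower()
        if name in seen or name not in classes:
            continue
        seen.add(name)
        attrs |= classes[name]["attrs"]
        todo.extend(classes[name]["sup"])  # climb to parent classes
    return attrs
```

An attribute defined only on an unrelated structural class (here `assetTag` on `exampleDevice`) is outside the user object hierarchy, so it does not appear in the result.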