Add or remove custom LDAP attributes

For Universal Directory, LDAP is just another application. That is, LDAP has its own unique App User Profile within Okta. You can view user profiles for directories in the Profile Editor.

Te Profile Editor gives admins complete control over the LDAP app profile for a user. Admins can add and remove attributes from the profile, customize attribute mappings, and perform data transformations within the inbound or outbound flows.

You can only add attributes to the LDAP profile if they are already in the LDAP directory, so Okta first does a schema discovery step to populate the attribute picker. For Okta to discover the attribute, it must be added to an object within the User object hierarchy. That is, the attribute has to be added to either the user object, a parent object, or an auxiliary object in order to be discovered during this process.

Executing schema discovery takes a few seconds. When finished you are provided with a list of the attributes that Okta is permitted to discover in LDAP.

  1. On the Okta Admin Console, click Directory > Profile Editor.
  2. Select Directories in the Filters list.
  3. Click Profile in the Actions column for the directory you want to update.
  4. Click Add Attribute.
  5. In the Pick Schema Attributes dialog, select the attributes you want to add.
  6. Click Save.
  7. Optional. To delete a custom attribute, locate it in the Attributes list and then click X.