Using Custom Attributes with LDAP
For Universal Directory, LDAP is just another application. That is, LDAP has its own unique App User Profile within Okta. You can view user profiles for directories in Directory > Profile Editor.
Profile Editor gives admins complete control over the LDAP app profile for a user. Admins can add and remove attributes from the profile, customize attribute mappings, and perform data transformations within the inbound or outbound flows.
- Navigate to Directory > Profile Editor.
- Click Profile in the Actions column for the directory you want to update.
- Click Add Attribute.
- In the Pick Schema Attributes window, select the attributes you want to add.
- To remove a custom attribute, find it in the Profile window and then click X to delete it.
You can only add attributes to the LDAP profile if they are already in the LDAP directory, so Okta first runs a schema discovery step to populate the attribute picker. For Okta to discover the attribute, it must be added to an object within the User object hierarchy. That is, the attribute has to be added to either the user object, a parent object, or an auxiliary object in order to be discovered during this process.
Executing schema discovery takes a few seconds. When it finishes, you are provided with a list of the attributes that Okta is permitted to discover in LDAP.
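The reachability rule above (user object, parent object, or auxiliary object) can be checked against your directory's schema before you run discovery. The following is an added example, not Okta's code or part of the original page: it parses objectClass definitions in RFC 4512 syntax and reports which class makes each attribute reachable. The schema is a trimmed, constructed sample; the `acme*` classes, attributes and OIDs are made up, and the list of auxiliary classes attached to user entries is assumed to be supplied by the admin.

```python
import re

# Constructed sample schema in RFC 4512 objectClass syntax (definitions trimmed).
# The acme* classes, attributes and OIDs are made up for illustration.
SCHEMA = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid $ employeeNumber ) )",
    "( 1.3.6.1.4.1.99999.1.1 NAME 'acmeBadge' SUP top AUXILIARY MAY acmeBadgeId )",
    "( 1.3.6.1.4.1.99999.1.2 NAME 'acmeDevice' SUP top STRUCTURAL MAY acmeAssetTag )",
]

def parse_object_class(defn):
    """Return (name, superior class or None, set of MUST/MAY attribute names)."""
    name = re.search(r"NAME\s+'([^']+)'", defn).group(1)
    sup = re.search(r"\bSUP\s+([\w-]+)", defn)
    attrs = set()
    # MUST/MAY take either a single name or a parenthesised '$'-separated list.
    for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))", defn):
        attrs.update(a.strip() for a in (m.group(1) or m.group(2)).split("$"))
    return name, (sup.group(1) if sup else None), attrs

def reachable_attributes(schema, user_class, auxiliary_classes=()):
    """Map each attribute (lowercased) to the class that makes it reachable
    from the user class, its parents, or the named auxiliary classes."""
    classes = {}
    for defn in schema:
        name, sup, attrs = parse_object_class(defn)
        classes[name.lower()] = (sup.lower() if sup else None, attrs)
    found = {}
    for start in (user_class, *auxiliary_classes):
        current, seen = start.lower(), set()
        # Walk the SUP chain upward; 'seen' guards against a cyclic schema.
        while current in classes and current not in seen:
            seen.add(current)
            sup, attrs = classes[current]
            for attr in attrs:
                found.setdefault(attr.lower(), current)
            current = sup
    return found

if __name__ == "__main__":
    result = reachable_attributes(SCHEMA, "inetOrgPerson", ["acmeBadge"])
    for attr, cls in sorted(result.items()):
        print(f"{attr:18} via {cls}")
```

An attribute defined only on an unrelated class (here `acmeAssetTag` on `acmeDevice`) does not appear in the result, which matches the case where it would be missing from the attribute picker.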