About profile mapping
Profile mappings allow administrators to precisely control the attributes exchanged during the provisioning processes. For a list of apps that integrate particularly well with Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API., see Apps Supporting Profile Mapping. The two chief use-cases that Universal Directory facilitates are
- AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. to Okta
- Okta to app
In the first use-case (App to Okta), organizations typically use a source-of-truth app such as a directory or human resources system. Some organizations might have several sources of truth. Mappings define how attributes from these various sources are imported into the Okta user profile.
The following diagram illustrates the first use case. In the example, Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD) and Workday supply the Okta user profile with attributes (AD provides FirstName and LastName; Workday provides Boss). The diagram illustrates the mapping of givenName and sn to FirstName and LastName (from AD to Okta), and it shows the mapping from managerUserName to Boss (from Workday to Okta).
In the second use-case (Okta to App), organizations want to propagate the data in Okta to other applications to provision accounts and update accounts with rich data. This is possible if the Okta user profile has rich attributes and the app in Okta supports provisioning.
The following diagram illustrates the second use-case. In the example, Okta sends four attributes to Google. The diagram shows the mappings of four Okta user profile attributes to four Google App user profile attributes.