Base Active Directory attributes

There is a distinction between base and custom attributes. For Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD), only 10 attributes are considered base. This means that for Okta, a minimum AD profile contains only 10 attributes. Every attribute outside of the 10-field base profile is considered custom. Some of these custom attributes were previously part of the static profile, but now with UD, you can remove them.

Display Name Variable Name Data Type
distinguishedName dn string
mail email string
objectGUID externalID string
givenName firstName string
sn lastName string
managerUpn managerUpn string
objectSid objectSid string
primaryGroupID primaryGroupID string
sAMAccountName samAccountName string
userPrincipalName userName string

If you have manager value coming from Workday or any other application into Okta and that value can be represented as managerUPN in AD, use the managerUpn mapping. When doing so, the manager must be in same domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). as the user.

If you have manager value coming from Workday or any other appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. into Okta and that value can be represented as mangerDN in AD, use the managerDn mapping. In this case the manager can be in different domain than the user.

Mapping the managerUPN or the managerDN incorrectly could result in the manager value failing to update the user object in AD.