About custom user types in Universal Directory
Okta supports up to 10 user types. This number includes the default Okta user profile plus up to 9 custom user types.
When you create a custom user type, Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API. makes what is in essence a copy of the latest default Okta user profile with the default 31 base Okta attributes. The copy is created with the new user type name you give it (for example, "Contractor"). Once this copy is made, you can then add custom attributes that are relevant to the Contractor user type.
You can customize the 31 base Okta user attributes. Each custom user type can have different attribute settings. You can make some attributes optional or required, select different enum types, and so on. Each user type can map the Okta user profile attributes to different application attributes and add custom attributes. This gives you complete flexibility in your authentication and provisioning scenarios.
With User Types, you can:
- Have up to 10 distinct user types within a single Okta orgThe Okta container that represents a real-world organization..
- Apply different constraints on attributes. For example, for username, you can specify email as the format for one user type and sAMAccountName for a different user type.
- Have different profile mappings for the same appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. for different user types.
One user, one user type
Each Okta end user can only have one user type, which is selected when that user is created. That is, Jane Doe can only have one Okta user type: either the default Okta user type or a custom user type.
If Jane requires two user types, two distinct user profiles must be created. What does this mean?
Let's look at a scenario where Jane Doe is a teacher at a local college. As a teacher, she requires access to certain applications for creating class materials, providing student grades and dealing with internal employee applications for benefits, payroll and so on. Jane Doe would be created as the custom user type "Teacher".
If Jane Doe wants to take advantage of the free tuition offered to employees and she enrolls in a class, she would no longer be signing in as a teacher at the college. She would need a student profile, so she can access student-related applications for viewing class material, interacting with her classmates online, and viewing her grades. Jane Doe cannot re-use her existing Okta user ID. A new user profile must be created for her with the custom user type of "Student". This would require her to have a second user profile with the "student" attributes.
To work with custom user types, refer to Work with custom user types in Universal Directory