This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, contact Okta Support.

Work with custom user types in Universal Directory

Okta supports up to 10 user types: the default Okta user profile plus up to 9 custom user types.

When you create a custom user type, Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API. makes a copy of the latest default Okta user profile with the default 31 base Okta attributes. The copy is created with the new user type name you give it (for example, "Contractors"). Once this copy is made, you can then add custom attributes that are relevant to the Contractor user type.

You can customize the 31 base Okta user attributes. Each custom user type can have different attribute settings. You can make some attributes optional or required, select different enum types, and so on. Each user type can map the Okta user profile attributes to different application attributes and add custom attributes. This gives you complete flexibility in your authentication and provisioning scenarios.

Each Okta end user can only have one user type. That is, Jane Doe can only have one Okta user profile type: either the default Okta user profile or a custom user type. You must maintain a one-to-one mapping.

Known issues

These are the known issues for the Early Access release:

Prerequisites

You must be a super or org admin to create custom user types. Once a user type has been created, other admins are able to add properties and mappings, similar to working with the default Okta user type.

You should have a good understanding of how Universal Directory, Profile Editor, attributes, custom attributes, and attribute mappings work, as described in these topics:

Create a new user type

You can create up to 9 custom user types.

  1. Sign in to the Okta Admin Console with super or org admin permissions and click Directory > Profile Editor.
  2. Click Create Okta User Type.
  3. In the Create Okta User Type dialog, complete these fields:
    • Display Name - Enter a name for the user type. For example, Contractor or Student. There is a 50 character limit.
    • Variable name - Accept the auto-generated value, or enter a value.
  4. Click Save.

The new user type appears in the profile editor. Click Profile to edit the profile attributes.

To change the user type Display name, click Edit, enter a new value, and click Save Profile. You cannot change the variable name .

User type attributes and mappings are managed in the same way as the default Okta user profile.

Map a user type to an application

After you create a user type, you can map it to a specific application to associate the user type attributes with the application.

  1. On the Okta Admin Console, click Directory > Profile Editor.
  2. Select Apps in the Filters list.
  3. Select an application, click Mappings, and select a user type.
  4. Optional. Map attributes. See Map profile attributes
  5. Click Save Mappings or Cancel to return to the profile editor.

Create a user and assign a user type

When you create a new user, you associate them with an Okta user type.

Info

Note

Users imported from applications such as Active Directory, LDAP, Workday, or from a CSV file are assigned the default user type.

  1. On the Okta Admin Console, click Directory > People.
  2. In the User type list, select a user type.
  3. Complete these fields:
  • First name — Enter the user's first name.
  • Last name — Enter the user's last name.
  • Username — Enter the user's user name in email format.
  • Primary email — Optional. Enter the user's primary email if it's different from their username.
  • Groups — Optional. Enter the groups to which the user belongs.
  • Password — Select Set by user to allow the user to set their password, or select Set by admin and enter a password.
  • Send user activation now - Optional. This check box is available when Set by user is selected as the password option. Select this check box to send a user activation email to the user.
  • User must change password on first login — Optional. This check box is selected by default when you select Set by admin as the password option. Clear this check box if you do not want the user to change their password when they first log in.
  1. Click Save.

Delete a user type

Delete a user type when it's no longer required. A user type can only be deleted when there are no users assigned to it. If there are users associated with the user type when you try to delete it, you'll see a warning that they must be deleted first.

Users can be deleted in Directory > People. You will have to manually deactivate and then delete each user.

Info

Important

  • Deleting a user type cannot be undone.
  • The default Okta user type cannot be deleted.
  1. On the OktaAdmin Console, click Directory > Profile Editor.
  2. Select the Okta user type you want to delete and click Profile.
  3. Click Delete.
  4. Click Delete to confirm your decision.

Related topics

About custom user types in Universal Directory

Work with Okta user profiles and attributes

Applications

Top