Work with custom user types in Universal Directory

Okta supports up to 10 user types: the default Okta user profile plus up to 9 custom user types.

When you create a custom user type, Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API. makes a copy of the latest default Okta user profile with the default 31 base Okta attributes. The copy is created with the new user type name you give it (for example, "Contractor"). Once this copy is made, you can then add custom attributes that are relevant to the Contractor user type.

You can customize the 31 base Okta user attributes. Each custom user type can have different attribute settings. You can make some attributes optional or required, select different enum types, and so on. Each user type can map the Okta user profile attributes to different application attributes and add custom attributes. This gives you complete flexibility in your authentication and provisioning scenarios.

Each Okta end user can only have one user type. That is, Jane Doe can only have one Okta user profile type: either the default Okta user profile or a custom user type. You must maintain a one-to-one mapping.

Known issues

These are the known issues for custom user types:


You must be a super or org admin to create custom user types. Once a user type has been created, other admins are able to add properties and mappings, similar to working with the default Okta user type.

You should have a good understanding of how Universal Directory, Profile Editor, attributes, custom attributes, and attribute mappings work, as described in these topics:

Create a new user type

You can create up to 9 custom user types.

  1. Sign in to the Okta Admin Console with super or org admin permissions and click Directory > Profile Editor.
  2. Click Create Okta User Type.
  3. In the Create Okta User Type dialog, complete these fields:
    • Display Name - Enter a name for the user type. For example, Contractor or Student. There is a 50 character limit.
    • Variable name - Accept the auto-generated value, or enter a value.
  4. Click Save.

The new user type appears in the profile editor. Click Profile to edit the profile attributes.

To change the user type Display name, click Edit, enter a new value, and click Save Profile. You cannot change the variable name .

User type attributes and mappings are managed in the same way as the default Okta user profile.

Map a user type to an application

After you create a user type, you can map it to a specific application to associate the user type attributes with the application.

  1. On the Okta Admin Console, click Directory > Profile Editor.
  2. Select Apps in the Filters list.
  3. Select an application, click Mappings, and select a user type.
  4. Optional. Map attributes. See Map profile attributes
  5. Click Save Mappings or Cancel to return to the profile editor.

Create a user and assign a user type

When you create a new user, you associate them with an Okta user type.



Users imported from applications such as Active Directory, LDAP, Workday, or from a CSV file are assigned the default user type.

  1. On the Okta Admin Console, click Directory > People.
  2. Click Add Person.
  3. Select a user type in the User type list.
  4. Complete these fields:
  • First name — Enter the user's first name.
  • Last name — Enter the user's last name.
  • Username — Enter the user's user name in email format.
  • Primary email — Optional. Enter the user's primary email if it's different from their username.
  • Secondary email — Optional. Enter a secondary email to allow the user to access information when their primary email is unavailable.
  • GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. — Optional. Enter the groups to which the user belongs.
  • Password — Select Set by user to allow the user to set their password, or select Set by admin and enter a password.
  • Send user activation now - Optional. This check box is available when Set by user is selected as the password option. Select this check box to send a user activation email to the user.
  • User must change password on first login — Optional. This check box is selected by default when you select Set by admin as the password option. Clear this check box if you do not want the user to change their password when they first log in.
  1. Click Save.

Change the user type

Change the user type to quickly apply new policies and other settings to users. For example, change a user with a contractor user type to an employee user type to apply employee specific policies and settings.

The attribute name and the attribute data type must be identical to allow values to transfer from one user type to another. When the existing attribute name and attribute data type are different in the new user type, the attribute values are not transferred and must be entered manually.

  1. On the Okta Admin Console, click Directory > People.
  2. Optional. Select a user type in the User Type list to filter the people list by a specific user type.
  3. Select a person in the Person & Username column.
  4. Click Change at the top of the user profile screen.
  5. In the Change user to list, select a user type.
  6. Verify the attribute values for the user are correct.
  7. Optional. Update any attribute values that were not transferred.
  8. Click Change user type.

The user type updates at the top of the user profile screen.

Delete a user type

Delete a user type when it's no longer required. A user type can only be deleted when there are no users assigned to it. If there are users associated with the user type when you try to delete it, you'll see a warning that they must be deleted first.

Users can be deleted in Directory > People. You will have to manually deactivate and then delete each user.



  • Deleting a user type cannot be undone.
  • The default Okta user type cannot be deleted.
  1. On the Okta Admin Console, click Directory > Profile Editor.
  2. Select the Okta user type you want to delete and click Profile.
  3. Click Delete.
  4. Click Delete to confirm.

Related topics

About custom user types in Universal Directory

Work with Okta user profiles and attributes