This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.

Work with custom user types in Universal Directory

Okta supports up to 10 user types: the default Okta user profile plus up to 9 custom user types.

When you create a custom user type, Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API. makes what is in essence a copy of the latest default Okta user profile with the default 31 base Okta attributes. The copy is created with the new user type name you give it (for example, "Contractors"). Once this copy is made, you can then add custom attributes that are relevant to the Contractor user type.

You can customize the 31 base Okta user attributes. Each custom user type can have different attribute settings. You can make some attributes optional or required, select different enum types, and so on. Each user type can map the Okta user profile attributes to different application attributes and add custom attributes. This gives you complete flexibility in your authentication and provisioning scenarios.

Each Okta end user can only have one user type. That is, Jane Doe can only have one Okta user profile type: either the default Okta user profile or a custom user type. You must maintain a one-to-one mapping.

Known Issues or Limitations

These are the known issues or limitations for the Early Access release:

Prerequisites

You must be a super or org admin to create custom user types. Once a user type has been created, other admins are able to add properties and mappings, similar to working with the default Okta user type.

You should have a good understanding of how Universal Directory, Profile Editor, attributes, custom attributes, and attribute mappings work, as described in these help topics:

Create a new user type

You can create up to 9 custom user types.

To create a new user type: 

  1. While signed in as a super or org admin, navigate to Directory > Profile Editor in the Admin Console.
  2. Click Create Okta User Type.
  3. In the Create Okta User Type dialog, enter the following values:
    • Display Name - The name of the user type. For example, ‘Contractor’, ‘Student’. There is a 50 character limit.
    • Variable name - The variable name is auto-generated but can be edited.
  4. Click Save.

The new user type appears in the Profile Editor, where you can edit the profile to customize the attributes as needed.

If you need to change the name of the User Type, you can select the User Type profile, click Edit and change the Display name. The variable name cannot be changed.

Once you have set up the different User Type profile, you can work with the attributes and mappings in the same way as with the default Okta user profile

Mapping Apps to a new User Type

After you have created a new User Type, when you want to map an application to an Okta user profile, you must first select which user profile type to map to.

To map an application to a new User Type:

  1. From the Admin Console, navigate to Directory > Profile Editor.
  2. Locate the application you want to map.
  3. Click Mappings and select the user type you want to map to. The Profile Mappings page is displayed.Profile Editor page showing an application's Mapping button and the different user types that can be mapped.

From here, you can map the attributes as described in Map profile attributes.

Create a user and assign a User Type

When you create a new user, you will select which Okta user type that user is associated with. Once a user is created, you cannot change their user type.

Info

Note

Users created by importing them from an app such as Active Directory, LDAP or Workday or from a CSV file will be created as the default user type.

An example of selecting a user type when creating a new user.

Delete a User Type

You can delete a custom User Type if it's no longer required, as long as there are no existing users assigned to that user type. If there are users associated with the user type when you try to delete it, you'll see a warning that they must be deleted first.

Users can be deleted in Directory > People. You will have to manually deactivate and then delete each user.

Info

Important

  1. Deleting a User Type cannot be undone.
  2. The default Okta User Type cannot be deleted.

To delete a user type:

  1. Navigate to Directory > Profile Editor.
  2. Select the Okta user type profile you want to delete and click Profile.
  3. Click Delete.

    The User Type Delete button in the Profile Editor.

  4. Click Delete to confirm your decision.

Related Topics

About custom user types in Universal Directory

Work with Okta user profiles and attributes

Applications

Top