Match imported users
When you import users, you can set up Okta rules to match any attribute that is currently mapped from an AppUser profile to an OktaUser profile. This helps you sync identities across systems and determine whether an imported user is new or if the user profile already exists in Okta.
- When a user is imported from Workday, you can match that user to existing user profiles based on their user name, email address, or first and last name.
- To set up a regularly scheduled import from Workday, you can match on the Employee’s EmployeeID.
- To consolidate multiple Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. (AD) domains, you can link the AD Domains to a single Okta user with an attribute that’s populated across all those domains (they match on the SAM Account Name).
To set up the import configuration to match users, do the following:
- Go to Applications or Directory Integrations and select the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. into which you want to import users, such as Workday, Active Directory, or CSV Directory.
- For most applications, select ProvisioningProvisioning is the enterprise-wide configuration, deployment, and management of multiple types of IT system resources. Specifically, provisioning provides users access to equipment, software, or services. This involves creating, maintaining and deactivating required business process automation objects and attributes in systems, directories, and applications. > To Okta. For AD or LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services., select Settings > Match Settings.
- Update the import configuration to match on any attribute that is currently mapped from your application into Okta. Note that matches are case sensitive.
- Click Save.
- Go to the Import tab and select Import Now. Note that you can import up to 100,000 users without slowing system performance.
You can now see the imported users matched on the attribute that you selected from the drop down. If there is no match, a new user is created. If there is a match, then the user is linked to an existing user profile in Okta.
Note: Because Okta treats these as exact matches, you can configure auto-confirmation and auto-activation if a match is found.
To check if an attribute is missing from the list of attributes available for matching, go to Directory > Profile Editor and make sure that the attribute is properly mapped.