Match imported users
When you import users, you can set up Okta rules to match any attribute that is currently mapped from an AppUser profile to an OktaUser profile. This helps you sync identities across systems and determine whether an imported user is new or if the user profile already exists in Okta.
- When a user is imported from Workday, you can match that user to existing user profiles based on their user name, email address, or first and last name.
- To set up a regularly scheduled import from Workday, you can match on the Employee’s EmployeeID
- To consolidate multiple Active Directory (AD) domains, you can link the AD Domains to a single Okta user with an attribute that’s populated across all those domains (e.g., they match on the SAM Account Name
To set up the import configuration to match users, do the following:
- Go to Applications or Directory Integrations and select the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. into which you want to import users, such as Workday, Active Directory, or CSV Directory.
- For most applications, select Provisioning > To Okta. For AD or LDAP, select Settings > Match Settings.
- Update the import configuration to match on any attribute that is currently mapped from your application into Okta.
- Click Save.
- Go to the Import tab and select Import Now.
You can now see the imported users matched on the attribute that you selected from the drop down. If there is no match, a new user is created. If there is a match, then the user is linked to an existing user profile in Okta.
Note: Because Okta treats these as exact matches, you can configure auto-confirmation and auto-activation if a match is found.
To check if an attribute is missing from the list of attributes available for matching, go to Directory > Profile Editor and make sure that the attribute is properly mapped.