Enforce uniqueness on custom attributes

You may wish to enforce attribute uniqueness across your organization for custom attributes in the Okta user profile, for example, an employee identification number. You may mark up to 5 attributes as unique.

You can enforce uniqueness only on custom attributes in the Okta user profile. If you are importing users from Active Directory (AD) or LDAP and attempt to import one or more users who would violate the uniqueness requirement, the import will fail on those users.

If an end user edits their profile and attempts to enter a duplicate value for a custom attribute that has the uniqueness restriction applied to it, they will see a message that the value already exists. They will be unable to save their change until they enter a unique value.

When you mark an existing custom attribute as requiring a unique value, Universal Directory will run a validation check to ensure that no duplicate entries already exist.

  • This check may take some time, depending on how many user records you have.
  • A status message on the Profile Editor page indicates:
    • how many records have been checked
    • how many duplicates have been found, and
    • the estimated time remaining.
  • If duplicate records are found, meaning the attribute cannot currently have uniqueness applied to it, the Restriction check box will be cleared automatically. You will have to resolve the duplicate values before applying uniqueness to the attribute.
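
Because the restriction is cleared when duplicates exist, it helps to find them in an export of user records before selecting the check box. The following is an added example, not Okta's code: the record shape, the attribute name `employeeNumber` and the function `find_duplicates` are assumptions, and because this page does not say how values are compared, values that collide only after trimming and case-folding are reported separately.

```python
from collections import defaultdict

# Constructed sample records, shaped as user objects with a "profile" map.
# "employeeNumber" is a hypothetical custom attribute name.
SAMPLE_USERS = [
    {"id": "u1", "profile": {"login": "ana@example.com", "employeeNumber": "E1001"}},
    {"id": "u2", "profile": {"login": "ben@example.com", "employeeNumber": "E1002"}},
    {"id": "u3", "profile": {"login": "cho@example.com", "employeeNumber": "E1001"}},
    {"id": "u4", "profile": {"login": "dev@example.com", "employeeNumber": " e1002 "}},
    {"id": "u5", "profile": {"login": "eli@example.com", "employeeNumber": None}},
    {"id": "u6", "profile": {"login": "fay@example.com"}},
]


def find_duplicates(users, attribute):
    """Return (exact, near) maps of value -> sorted logins sharing that value.

    exact: values that match character for character.
    near:  values that collide only after trimming and case-folding, which
           usually signals inconsistent data entry worth cleaning up.
    Users with a missing or empty value are skipped (assumption: empty
    values are not compared for uniqueness).
    """
    by_exact = defaultdict(list)   # raw value -> logins holding it
    by_folded = defaultdict(set)   # normalized value -> raw variants seen
    for user in users:
        profile = user.get("profile", {})
        value = profile.get(attribute)
        if value is None or str(value).strip() == "":
            continue
        value = str(value)
        by_exact[value].append(profile.get("login", user.get("id")))
        by_folded[value.strip().casefold()].add(value)

    exact = {v: sorted(ls) for v, ls in by_exact.items() if len(ls) > 1}
    near = {}
    for folded, variants in by_folded.items():
        if len(variants) > 1:
            near[folded] = sorted(l for v in variants for l in by_exact[v])
    return exact, near


if __name__ == "__main__":
    exact, near = find_duplicates(SAMPLE_USERS, "employeeNumber")
    for value, logins in exact.items():
        print(f"duplicate {value!r}: {', '.join(logins)}")
    for value, logins in near.items():
        print(f"near-duplicate {value!r}: {', '.join(logins)}")
```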

To enforce uniqueness for a custom attribute:

  1. In the Profile Editor, click the Okta Profile to edit the Okta user profile attributes.
  2. Scroll to the custom attribute you want to mark as unique.
  3. Click Edit.
  4. For Restriction, select that the value must be unique for each user.

    While Okta verifies that the existing data is unique across all users, the check box is grayed out. To remove the uniqueness requirement, deselect the option.

  5. Click Save Attribute.

The status message on the Profile Editor page displays the validation progress and status. This message is displayed to all admins viewing the Profile Editor page so that they are aware a validation check is running.