Profile mastering

A profile masterA profile master is an application (usually a directory service such as Active Directory, or human capital management system such as Workday) that acts as a source of truth for user profile attributes. A user can only be mastered by a single application or directory at any one time. For more details, see the Profile Master page. When users are mastered by attribute, we call this attribute-level mastery (ALM). ALM delivers finer grain control over how profiles are mastered by allowing admins to specify different profile masters for individual attributes. Profile mastering only applies to Okta user profiles, not app user profiles. For more details, see Attribute Level Mastering. is an application (a directory service like Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. or LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services., or an HR-management appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. such as Workday) that can act as the "source of truth" for user identities. Once enabled from the app or directory's ProvisioningProvisioning is the enterprise-wide configuration, deployment, and management of multiple types of IT system resources. Specifically, provisioning provides users access to equipment, software, or services. This involves creating, maintaining and deactivating required business process automation objects and attributes in systems, directories, and applications. tab, it appears in the list of profile masters on the Profile Masters page. Without the inclusion of any external profile “master”, all profiles are mastered by Okta.

Currently, if more than one profile master exists on the Profile Masters page, they can be prioritized so that end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. can be mastered by different systems, based on their assignments. At any given time, there can only be one profile master that masters a user's entire profile.

Profile masters are powerful tools that can potentially manage the entire life cycle (creation, updates, and deactivation) of an Okta user. Admins leveraging Workday, for example, can allow Okta to receive user creation, updates, and termination events from Workday.

Okta is periodically adding profile master capabilities to an expanding number of apps and directories. The following apps and directories are among those available for profile mastering:

This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, contact Okta Support.