Add or remove custom LDAP attributes

For Universal Directory, LDAP is just another application. That is, LDAP has its own unique App User Profile within Okta. You can view user profiles for directories in the Profile Editor.

The Profile Editor gives admins complete control over the LDAP app profile for a user. Admins can add and remove attributes from the profile, customize attribute mappings, and perform data transformations within the inbound or outbound flows.

You can only add attributes to the LDAP profile if they're already in the LDAP directory, so Okta first runs a schema discovery step to populate the attribute picker. For Okta to discover an attribute during this step, it must be added to an object within the User object hierarchy: the user object, a parent object, or an auxiliary object.

Executing schema discovery takes a few seconds. When it's finished, you're provided with a list of the attributes that Okta is permitted to discover in LDAP.

  1. In the Admin Console, go to Directory > Profile Editor.
  2. Select Directories in the Filters list.
  3. Click Profile in the Actions column for the directory that you want to update.
  4. Click Add Attribute.
  5. In the Pick Schema Attributes dialog, select the attributes you want to add.
  6. Click Save.
  7. Optional. To delete a custom attribute, locate it in the Attributes list and then click X.
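
When an attribute is missing from the Pick Schema Attributes dialog, the usual question is whether it sits on the user object, a parent object, or an auxiliary object, as described above. The following is an added example, not Okta's code: it applies that stated rule to a constructed, simplified set of RFC 4512 objectClasses definitions. The function names, the sample schema, and the `example*` classes and attributes are assumptions made for illustration.

```python
import re

# Constructed, simplified objectClasses values in RFC 4512 syntax (the 2.999
# OIDs are placeholders). A real directory publishes these in its subschema.
SAMPLE_SCHEMA = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail ) )",
    "( 2.999.1.1 NAME 'exampleBadgeAux' SUP top AUXILIARY MAY ( exampleBadgeId ) )",
    "( 2.999.1.2 NAME 'exampleDevice' SUP top STRUCTURAL MAY ( exampleSerial ) )",
]


def parse_object_class(definition):
    """Return (name, {'sup': [...], 'attrs': {...}}) for one definition."""
    name = re.search(r"NAME\s+\(?\s*'([^']+)'", definition).group(1)

    def field(keyword):
        # A field is either a single name or a "( a $ b )" list.
        m = re.search(rf"\b{keyword}\s+(\([^)]*\)|\S+)", definition)
        if not m:
            return []
        return [n.lower() for n in re.split(r"[\s$()]+", m.group(1)) if n]

    return name.lower(), {"sup": field("SUP"), "attrs": set(field("MUST") + field("MAY"))}


def discoverable_attributes(schema, user_class, auxiliary=()):
    """Attributes reachable from the user class, its parents, and auxiliary classes."""
    classes = dict(parse_object_class(d) for d in schema)
    pending = [user_class.lower(), *(a.lower() for a in auxiliary)]
    seen, attrs = set(), set()
    while pending:
        oc = pending.pop()
        if oc in seen or oc not in classes:
            continue  # already visited, or not defined in this schema
        seen.add(oc)
        attrs |= classes[oc]["attrs"]
        pending.extend(classes[oc]["sup"])  # walk up to parent classes
    return attrs


def is_discoverable(schema, attribute, user_class, auxiliary=()):
    return attribute.lower() in discoverable_attributes(schema, user_class, auxiliary)


if __name__ == "__main__":
    for attr in ("mail", "sn", "exampleBadgeId", "exampleSerial"):
        print(attr, is_discoverable(SAMPLE_SCHEMA, attr, "inetOrgPerson", ["exampleBadgeAux"]))
```

In the sample, `exampleSerial` is defined in the schema but only on an unrelated structural class, so it is outside the user object hierarchy and would not qualify under the stated rule.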