Using Custom Attributes with Active Directory

For Universal Directory, Active Directory (AD) is just another application. That is, AD has its own unique AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. User Profile within Okta. You can view user profiles for directories in Directory > Profile Editor.

Previously, Okta managed usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. based on a static AD profile, comprised of 19 attributes. These were not configurable, and could only be viewed under the profile sub-tab for a user.

With UD, Okta has introduced the Profile Editor, which gives admins complete control over the AD app profile for a user. Admins can now add and remove attributes from the profile, customize attribute mappings, and perform data transformations within the inbound or outbound flows. The screenshot below shows the new Profile Editor user interface.

The first thing you'll notice is that there is a distinction between base and custom attributes. For AD, only 9 attributes are considered base. This means that for Okta, a minimum AD profile contains only 9 attributes—not the 19 we previously supported. Every attribute outside of the 9-field base profile is considered custom. Some of these custom attributes were previously part of the static profile, but now with UD, you can remove them.