Map Azure Active Directory attributes to Okta attributes

To use Azure Active Directory for user authentication, you need to map Azure Active Directory user attributes to Okta attributes.

  1. In the Admin Console, go to Directory > Profile Editor.
  2. In the Search field, enter AAD or the name you assigned to Azure Active Directory when you added it as an identity provider (IdP).
  3. Click Profile in the Actions column.
  4. Configure the user mappings:
    1. Click Mappings and select Configure User mappings.
    2. Select the <AAD Application Name> to Okta User tab. In the second dropdown list for each attribute except the login attribute, select Do not map.
    3. Click Save Mappings and Apply updates now.
  5. Repeat step 4 for any additional custom user mappings that exist for your org.
  6. In the FILTERS list, select Custom.
  7. Click the Delete icon for the First Name attribute, and click Delete Attribute.
  8. Repeat step 7 for the Last Name, Email, and Mobile Phone attributes.
  9. Click Add Attribute and complete these fields:
    • Display name: Enter Email.
    • Variable name: Enter email.
    • External name: Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
  10. Click Save and Add Another and complete these fields:
    • Display name: Enter First Name.
    • Variable name: Enter firstName.
    • External name: Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname.
  11. Click Save and Add Another and complete these fields:
    • Display name: Enter Last Name.
    • Variable name: Enter lastName.
    • External name: Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname.
  12. Click Save and Add Another and complete these fields:
    • Display name: Enter UPN.
    • Variable name: Enter upn.
    • External name: Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier.
  13. Click Save.
  14. Click Mappings and select Configure User mappings.
  15. Select the <AAD Application Name> to Okta User tab, and select email for the login and email attributes.
  16. Optional. Select upn for the nameidentifier attribute.
  17. Click Save Mappings and Apply updates now.
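
The following Python sketch is an added example, not Okta or Microsoft code. It applies the External name to Variable name pairs from steps 9 to 12 to a SAML attribute statement and reports which profile attributes would be left empty, which is useful for checking a test assertion before relying on email as the login. It assumes the claims arrive as SAML 2.0 Attribute elements; the `build_sample` and `profile_from_assertion` helpers and all sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# External name -> Variable name, as entered in steps 9 to 12.
EXTERNAL_TO_VARIABLE = {
    CLAIMS + "emailaddress": "email",
    CLAIMS + "givenname": "firstName",
    CLAIMS + "surname": "lastName",
    CLAIMS + "nameidentifier": "upn",
}


def build_sample(values):
    """Build a constructed assertion fragment from {claim suffix: value}."""
    attrs = "".join(
        f'<saml:Attribute Name="{CLAIMS}{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, value in values.items()
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>"
    )


def profile_from_assertion(xml_text):
    """Return (profile, missing) after applying the External name mapping."""
    # Constructed input only: no signature check is done here, and XML taken
    # from the network should go through a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    profile = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        variable = EXTERNAL_TO_VARIABLE.get(attr.get("Name"))
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
        if variable and value:
            profile[variable] = value
    # Step 15: the Okta login and email attributes are both mapped from email.
    if "email" in profile:
        profile["login"] = profile["email"]
    missing = sorted(set(EXTERNAL_TO_VARIABLE.values()) - set(profile))
    return profile, missing


if __name__ == "__main__":
    sample = build_sample({"emailaddress": "alice@example.com", "givenname": "Alice"})
    print(profile_from_assertion(sample))
```

An assertion that lacks the emailaddress claim yields no login value under this mapping, so `missing` containing `email` is the case to catch first.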

Next steps