Expressions and examples

You can use expressions to concatenate attributes, manipulate strings, convert data types, and more. Expressions let you construct wholly new values before these values are used to look up users.
Okta supports a subset of Spring Expression Language (SpEL) functions.

Introduction

Expressions are combinations of:

  • Variables - These are the elements found in your Okta user profile.  Examples include user followed by any of the fields listed.  For example, idpuser.subjectAltNameUpn, idpuser.subjectAltNameEmail, and others. Note that the list of fields is case sensitive, and that firstName is not the same as firstname or FirstName. For a complete list of variables see Add a Smart Card identity provider.
  • Operations - used to concatenate or otherwise operate on variables. In the example given "+", the plus sign, concatenates two objects together.
  • Functions - used to modify or manipulate variables to achieve a desired result. In the example given, String.toUpperCase returns an all upper case version of its provided input.
    For a complete list see Functions in the Okta Expression Language.

The following fields are supported:

idpuser.subjectAltNameUpn
idpuser.subjectAltNameEmail
idpuser.subjectAltNameUuid
idpuser.subjectKeyIdentifier
idpuser.subjectCn
idpuser.subjectO
idpuser.subjectOu
idpuser.sha1PublicKeyHash

Examples

The following examples are instructional only.

Description Example
Select all content before the @ character String.substringBefore(ipduser.subjectAltNameEmail, "@")
Select the last 20 characters of the provided field. String.substring(idpuser.subjectCn, String.len(idpuser.subjectCn)-20, String.len(idpuser.subjectCn))
Select all content before the @ character and transform to lower case. String.toLowerCase(String.substringBefore(ipduser.subjectAltNameUpn, "@"))

If the selected field contains the @ character return all before this character otherwise return the entire field.

String.stringContains(idpuser.subjectAltNameEmail, "@") ?
String.substringBefore(ipduser.subjectAltNameEmail, "@") :
idpuser.subjectAltNameEmail

Related topics

Add a Smart Card identity provider