About attribute mappings

You use attribute mappings to control what attributes are exchanged during the provisioning process. These are the two types of attribute mapping:

The data that is exchanged during provisioning is determined by the attribute definitions and how the attributes are mapped between the source of the data, and the applications to which users are assigned.

Attribute mappings can be bidirectional. You can map default Okta user profile attributes to app user attributes, or from the app to Okta user profile attributes.

App to Okta attribute mapping

With this type of attribute mapping, multiple or single instances of directories or human resources applications are used as a source of truth. Attribute mappings define how attributes from these sources are imported into the Okta user profile.

In this diagram, Active Directory (AD) and Workday supply the Okta user profile with the FirstName, LastName and Boss attributes. The AD attributes givenName and sn are mapped to the Okta attributes FirstName and LastName and the Workday attribute managerUserName is mapped to the Okta attribute Boss.

User-added image

Okta to app attribute mapping

With this type of attribute mapping, data is pushed from Okta to other applications to provision and update user accounts.

In this diagram, Okta sends four user profile attributes to four corresponding user profile attributes in Google.

User-added image