About attribute-level mastering

Attribute-level mastering lets you specify different profile masters for individual user attributes. Without it, all of a user's attributes are mastered by a single profile master.

An Okta user's profile master is typically a directory service like Active Directory or an app like Workday. If you use multiple directories or apps, you can prioritize profile masters so that end users are mastered by different sources based on their assignments. Attribute-level mastering takes this a step further, letting you designate different profile masters for different user attributes.

For example, an Okta user may have their profile attributes like first name, last name, and department mastered by Workday. With attribute-level mastering, their phone number and email address can be mastered by Active Directory, and their personal email address or preferred display name can be mastered inside Okta and managed by the end user.

Profile mastering only applies to Okta user profiles, not app user profiles.

To complete attribute-level mastering you complete these tasks:

  • Enable profile mastering
  • Define the attribute profile master
  • Map profile attributes