Base Active Directory attributes
There's a distinction between base and custom attributes.
For Active Directory (AD), only 10 attributes are considered base. This means that for Okta, a minimum Active Directory profile contains only 10 attributes. Every attribute outside of the 10-field base profile is considered custom. Some of these custom attributes were previously part of the static profile, but now with UD, you can remove them.
Display Name | Variable Name | Data Type |
---|---|---|
distinguishedName | dn | string |
string | ||
objectGUID | externalID | string |
givenName | firstName | string |
sn | lastName | string |
managerUpn | managerUpn | string |
objectSid | objectSid | string |
primaryGroupID | primaryGroupID | string |
sAMAccountName | samAccountName | string |
userPrincipalName | userName | string |
When representation as managerUPN in Active Directory applies, use the managerUpn mapping for manager values coming from Workday (or any other application) into Okta. The manager must be in the same domain as the user.
When representation as mangerDN in Active Directory applies, use the managerDn mapping for manager values coming from Workday (or any other application) into Okta. In this case, the manager can be in a different domain than the user.
Mapping the managerUPN or the managerDN incorrectly could result in the manager value failing to update the user object in Active Directory.