About custom attribute uniqueness enforcement
You can enforce attribute uniqueness for custom attributes in the Okta user profile, such as employee identification number. You can declare a maximum of 5 unique attributes for each user type. The limit of 5 unique attributes is applied per-type. You do not need to select the same set of attributes for each user type. For example, the 5 unique attributes you declare unique for user profile A do not need to match what you declared for user profiles B, C, or D.
Unique attributes share a single namespace across all user types in an org. If user types A and B both contain the attribute ice cream and you identify it as unique in both profiles, then if user type A has the value chocolate, no other users of type A or B (or any other user type with ice cream declared unique) can have that value. To allow duplicates between unique attributes in different types, modify the attribute names to be slightly different. For example, ice creamA and ice creamB are tracked separately.
Attributes that are not unique are not tracked for uniqueness. If the attribute candy is unique in type E and not unique in type F, and a user of type E has the value caramel for the attribute, then no other users of type E can have the value caramel for the attribute, but any number of users of type F can have the value caramel. Although candy is unique in E, it is not unique in F, so the value for the attribute in users of type F does not matter.
You can only enforce uniqueness in custom attributes in the Okta user profile. If you are importing users from Active Directory or LDAP and attempt to import one or more users who would violate the uniqueness requirement, import fails for those users.
If you attempt to enter a duplicate value for a user profile custom attribute with a uniqueness restriction, a message appears indicating that the value already exists. You can't save your changes until you enter a unique value.
When you mark an existing custom attribute as requiring a unique value, Universal Directory performs a validation check to make sure that there are no existing duplicate entries. If you have significant user records, the validation can take some time.
When the validation completes, a status message on the Profile Editor page indicates:
- the number of records checked
- the number of duplicates found
- the estimated time remaining
If duplicate records are found, the Restriction check box is cleared automatically. You will have to resolve the duplicate values before applying uniqueness to the attribute.