Profile types
These are the three profile types supported by Okta Universal Directory:
The Okta user profile
The Okta user profile is comprised of base attributes and custom attributes. End users are people who use Okta to access apps and users are Okta administrators who use Okta to administer their org.
To view the Okta user profile, go to and click the Users tab. Click the User (default) profile.
Okta has defined 31 default base attributes for all users in an org. The only base attributes that you can modify or remove are First Name and Last Name. You can mark these attributes as required or optional for Okta sourced users. To import users with empty First Name and Last Name attributes, you must mark the attributes as optional in Okta, or the import fails.
The default format for the Username attribute is an email address. You can use the Format Restriction control to change the default format or replace it with a specific set of allowable characters.
You can only add attributes to the directory profile if they're already in the directory. When users are imported, a schema discovery operation is completed first to populate the attribute picker. For Okta to discover attributes, they must be added to a user object, a parent object, or an auxiliary object in the directory.
When the schema discovery is completed, a list of the attributes that Okta has permission to discover in the directory are available.
You can add custom user attributes to define more user settings. When creating custom attributes, you can't use these reserved keywords: id, profile, status, transitioningtostatus, created, activated, statuschanged, lastlogin, lastupdated, passwordchanged, type, realm, realmId, password, credentials, _links, _embedded, class, classloader.
The Okta group profile
The Okta default group profile is comprised of base attributes and custom attributes. The base attributes for the Okta default group profile are Name and Description. Name is a required attribute that's case sensitive and it must be unique. The Description attribute is optional. Groups created in the Okta Admin Console inherit the attributes defined in the default Okta group profile. See Create a group.
To view the Okta group profile, go to and click the Groups tab. Click the Okta group profile.
Group profiles are only available for Okta groups and not for app groups.
You can add custom group attributes to define other user settings. When creating custom attributes, you can't use these reserved keywords: windowsDomainQualifiedName, groupType, groupScope, samAccountName, objectSid, externalId, dn, targetDn, googleGroupEmail, googleExternalId, oldExternalId.
The app user profile
An app user profile lists the app attributes that Okta can read and write to (read-only for identity provider). An app profile controls the attributes that Okta pushes to an app or imports from an app.
To view an app user profile, go to , click the Users tab, and then select Apps under Filters. Click the app whose app user profile you want to view.
Like user profiles, app profiles have both base attributes and custom attributes. Extend app user profiles using attributes from a predefined list that Okta dynamically generates. Okta generates the list of attributes by querying the third-party app or directory for supported attributes. Each app controls which custom attributes it supports. The Okta profile can only be customized with attributes that the app supports. You can't create a custom attribute for an app.