Map profile attributes from Okta to an identity verification vendor

Okta lets you map multiple profile attributes from Okta to the identity verification (IDV) vendor. Mapping profile attributes increases the assurance level of the IDV. Mappings flow one way from Okta to the IDV vendor. Mapping helps the IDV vendor process the user's identity correctly. You can start this procedure from the Identity Providers page, or from the Profile Editor page.

Before you begin

Set up a pre-configured or custom IDV vendor. See Add a pre-configured identity verification vendor or Add a custom identity verification vendor.

Start from the Identity Providers page

  1. In the Admin Console, go to SecurityIdentity Providers.

  2. Click Actions for the IDV vendor you want to map profile attributes with.
  3. Select Edit profile and mappings. The Profile Editor page appears.
  4. Click Mappings. If more than one user type is available, select one from the dropdown menu. The IDV vendor User Profile Mappings page appears.
  5. Continue with the Map the attributes from Okta to the IDV vendor procedure.

Start from the Profile Editor

  1. In the Admin Console, go to DirectoryProfile Editor.

  2. Click Mappings for the IDV vendor profile you want to map attributes for. If more than one user type is available, select the user type from the dropdown menu. The IDV vendor User Profile Mappings page appears.
  3. Continue with the Map the attributes from Okta to the IDV vendor procedure.

Map the attributes from Okta to the IDV vendor

Early Access release. See Enable self-service features.

By default, the user's first name and last name attributes are mapped. They're required for completing the IDV. Mapping more attributes helps the IDV vendor process the request more accurately.

  1. Find the name of the IDV vendor's attribute in the right column.
  2. In the Okta column on the left, click the triangle beside the corresponding IDV vendor's attribute.
  3. Select the Okta attribute that you want to map to the IDV vendor attribute from the list. You can also use Okta Expression Language to generate the attribute name. For example, if the IDV vendor calls the first name given_name, you could map an Okta attribute like user.firstName or user.legalName to it.

    Some IDV vendors process all address attributes as a single component. Map all of these attributes to avoid failures when verifying addresses:

    • streetAddress
    • locality
    • region
    • postalCode
    • countryCode

    Consult your IDV vendor documentation for details about how they process addresses.

  4. Repeat these steps for each attribute that you want to map.
  5. Click Save mappings. Or, to preview the change, enter a user's name in the field beside Preview and click Preview. Okta displays the first and last name of the user in the IDV vendor column.
  6. Click Exit preview.
  7. Click Apply updates. Okta displays the attributes in the Attributes list.
  8. To require an attribute to be sent in the claim to IDV vendors, select the i icon for an attribute.
  9. Select Yes for the Attribute required option.
  10. Click Save Attribute.

Related topics

Identity verification vendors as identity providers

Add a pre-configured identity verification vendor

Add a custom identity verification vendor