Expressions
You use expressions to concatenate attributes, manipulate strings, convert data types, and more. Expressions within attribute mappings let you modify attributes before they're stored in Okta or sent to apps. Expressions also help maintain data integrity and formats across apps.
For example, you might want to use an email prefix as a username, bulk replace an email suffix, or populate attributes based on a combination of existing attributes, such as displayName = lastName, firstName
.
Okta supports a subset of the Spring Expression Language (SpEL) functions. See Okta Expression Language.
While some functions work in other areas of the product (for example, string
in custom username formats), not all do.
Username overrides
You can use the Okta Expression Language to create custom Okta app usernames. These are some examples of how this can be done:
- Construct an Okta username by concatenating multiple imported attributes.
- Create differently formatted usernames using conditionals. For example:
- If
attribute1
= A, then the username should end in acme.com. Otherwise, the username should end in acme-temp.com. - Results: either john.doe@acme.com, or john.doe@acme-temp.com.
This is useful for distinguishing between different types of users (such as employees vs. contractors).
- If
- Construct app usernames from attributes in various sources.
- Enforce a max length by truncating.
The username override feature overrides previously selected Okta or app username formats. When you implement a username override, the previously selected username formats no longer apply.
You can also use username override functionality with Selective Attribute Push to continuously update app usernames as user profile changes. For example, when the username changes in an app that uses an email address for the username format, Okta can automatically update the app username to the new email address.
App username overrides
To change the app username format, you select an option in the Application username format list on the app Sign On page. The username mapping displayed on the app Sign On page is the source of truth for the Okta to App flow. Changing when the app username is updated is also completed on the app Sign On page.
For Active Directory (AD), LDAP and SAML Identify Provider apps, you use the Profile Editor to override username mappings.