Match imported user attributes
When you import users, you can create Okta rules to match any attribute that's mapped from an appUser profile to an Okta user profile. Attribute matching helps you sync identities from multiple apps and determine whether an imported user is new or if the user profile exists in Okta. For example:
- When a user is imported from Workday, you can match that user to existing user profiles based on their username, email address, first name, or last name.
- To set up a regularly scheduled import from Workday, you can match the employee's EmployeeID.
- To consolidate multiple Active Directory (AD) domains, you can link the AD domains to a single Okta user with an attribute that's populated across all Active Directory domains (they match on the SAM Account Name).
- In the Admin Console, click .
- Enter the name of the app in the Search field and select the app link.
- Click the Provisioning tab and select To Okta in the Settings list.
- Click Edit in the User Creation & Matching area, select The following attribute matches, and select the attribute. Matches are case sensitive.
- Click Save.
- Click the Import tab, select Import Now, and click OK when the import finishes.
The imported users that matched the attribute that you selected are listed. If there is no match, a new user is created. If there is a match, then the user is linked to an existing user profile in Okta.
Okta treats these as exact matches. You can configure auto-confirmation and auto-activation if a match is found. To check if an attribute is missing from the list of matching attributes, go to and make sure that the attribute is mapped.