Map User Attributes

STUDY NOTES — Map User Attributes (Okta Certified Professional)

1. Purpose of Attribute Mapping

When provisioning users, Okta must pass correct user data:

Source App → Okta → Downstream Apps

Example:

  • HR system (source of truth) → Okta → Benefits application

  • Attributes flowing through: first name, last name, email, employee ID

Mapping ensures:

  • Correct sync of user identity information

  • Accurate provisioning across all apps

  • Clean lifecycle management

2. What Is a Profile Source?

A profile source is the authoritative system for user identity data.

Examples:

  • HR systems (Workday, SuccessFactors)

  • Directories (Active Directory, LDAP)

  • Others, depending on provisioning setup

A user may have multiple attribute origins:

  • Employee ID & job title → from HR system

  • Email → from Active Directory

3. Mapping Attributes from Profile Source → Okta

When does mapping apply?

Apply mapping on user create and update triggers when:

  1. A user is provisioned from source → Okta

  2. A user record is updated in the source system

Which object holds the source attributes?

  • appuser object = contains attributes coming from the profile source

This data populates the Okta user profile.

4. Mapping Attributes from Okta → Downstream Apps

Reasons for mapping Okta → apps:

  • To ensure apps receive all necessary user information

  • To keep user records synchronized

Apply mapping on user create and update:

Triggers when:

  1. A user is provisioned from Okta → app

  2. A user account is modified in Okta

Which object holds Okta attributes?

  • user object = contains Okta user profile attributes being pushed downstream

Apply mapping on user create only:

  • Only applies at initial provisioning

  • Ignores future attribute updates

Used when downstream apps should not receive updates from Okta after creation.

5. Troubleshooting Attribute Mapping Issues

Common issue:

  • Data is incorrect in downstream app

  • Often happens when admin selects Don’t apply updates while saving a mapping

Fix:

  1. Modify the mapping again (force a change)

  2. Select Apply updates now

  3. Okta pushes updated mapping to all existing users with that profile