Add custom attributes to apps, directories, and identity providers
You can only add attributes to the directory profile if they are already in the directory, so Okta performs a schema discovery to populate the list of available attributes. For Okta to discover the attribute, it must be added to an object within the User object hierarchy in the directory: a user object, a parent object, or an auxiliary object.
User attribute value fields that are left empty are processed as "" (an empty string) and saved as "" in the profile. User profiles with empty strings are returned when using search=(profile.<propertyName> pr) because they contain a value and not NULL. To set the attribute as NULL, you'll need to use the Okta API. See Okta Developer documentation.
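The following added example (not part of the Okta documentation) models the empty-string versus NULL distinction described above over constructed user objects, and builds the update bodies that would set the attribute to JSON null. The attribute name costCenter, the user IDs, and the request path and body shape are assumptions to confirm against the Okta Developer documentation.

```python
import json

# Constructed sample data: user objects in the general shape of a user
# search result. "costCenter" is a hypothetical custom attribute.
SAMPLE_USERS = [
    {"id": "00u-constructed-1", "profile": {"login": "a@example.com", "costCenter": "4410"}},
    {"id": "00u-constructed-2", "profile": {"login": "b@example.com", "costCenter": ""}},
    {"id": "00u-constructed-3", "profile": {"login": "c@example.com", "costCenter": None}},
    {"id": "00u-constructed-4", "profile": {"login": "d@example.com"}},
]


def matches_pr(user, attr):
    """Model of the `pr` behaviour described above: "" is a value, NULL is not."""
    return user["profile"].get(attr) is not None


def classify(users, attr):
    """Split user IDs into populated / empty-string / null for one attribute."""
    buckets = {"populated": [], "empty_string": [], "null": []}
    for user in users:
        value = user["profile"].get(attr)
        if value is None:
            buckets["null"].append(user["id"])
        elif value == "":
            buckets["empty_string"].append(user["id"])
        else:
            buckets["populated"].append(user["id"])
    return buckets


def null_update_requests(users, attr):
    """Build one request per empty-string user that sets the attribute to JSON null.

    Assumption: the path and the partial-update body shape shown here.
    """
    return [
        {"method": "POST", "path": f"/api/v1/users/{uid}",
         "body": json.dumps({"profile": {attr: None}})}
        for uid in classify(users, attr)["empty_string"]
    ]


if __name__ == "__main__":
    print([u["id"] for u in SAMPLE_USERS if matches_pr(u, "costCenter")])
    print(classify(SAMPLE_USERS, "costCenter"))
    for req in null_update_requests(SAMPLE_USERS, "costCenter"):
        print(req["method"], req["path"], req["body"])
```

Any search, report, or rule that treats "attribute is present" as "attribute is populated" will include the empty-string bucket, so review that bucket before relying on such a check.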
Schema discovery takes a few seconds to complete. When it's done, you'll get a list of the attributes that Okta has permission to discover in the directory.
- In the Admin Console, go to Directory > Profile Editor.
- In the Filters list, select Apps, Directories, or Identity Providers.
- For the app, directory, or identity provider that you want to modify, click Profile. If Profile is unavailable, click the profile name.
- Click Add Attribute.
- Complete these fields:
  - Data type: Select one of these data types:
    - string: A chain of zero or more Unicode characters (letters, digits, or punctuation marks)
    - number: A floating-point decimal in Java's 64-bit Double format. See Platform Specification.
    - boolean: Stores true, false, or null data values
    - integer: Whole numbers in Java's 64-bit Long format
    - string array: A sequential collection of strings
      When a string array is created as a custom app attribute and then assigned to a group, the user experience varies depending on the number of items in the array. If the array contains fewer than 150 items, the items are displayed in a sequential list with checkboxes to select the item. If the string array exceeds 150 items, the items are presented in a searchable scrolling dialog box.
    - number array: A sequential collection of numbers
    - integer array: A sequential collection of integers
    - country code: A code representing the country of origin for the user
    - language code: A code representing the user language
    - linked object: A code representing the user relationship to another attribute
  - Display name: A human-readable label that will appear in the UI
  - Variable name: Name of the attribute that can be referenced in mappings
  - External name: The name of the attribute in the IdP assertion or profile API, such as a SAML attribute name.
  - Description: Description of the attribute
- Optional. Complete the following fields:
  - Enum: Select this check box to define an enumerated list of values. Supports all data types except boolean.
  - Attribute members: Enter the Display names and Values. For example, small, medium, and large.
  - Restriction: Select Value must be unique for each user to require that the attribute is unique for every user.
  - Attribute length: Enter the minimum and maximum length of the Value field.
  - Attribute required: Select this check box to indicate the attribute is required.
Okta recommends making any attributes used in application user names read-only or hidden.
- Click Save or Save and Add Another to add another custom attribute.