Creating and Mapping User Attributes in OKTA

Although some user attributes are already defined in OKTA, additional user attributes will need to be created. First Name, Last Name, Email and Team are mandatory attributes. These user attributes may already be defined, but not mapped in OKTA.

Creating User Attributes in OKTA

To create user attributes in OKTA, do the following:

1. Click Directory and select Profile Editor. The OKTA Profile Editor screen is displayed.

2. Click <Profile> to edit the OKTA User. The OKTA Profile screen is displayed.

3. Confirm that the following user attributes are available:

| Display Name | Variable Name | Data Type | Mandatory |
|---|---|---|---|
| First name | firstName | String | Yes |
| Last name | lastName | String | Yes |
| Primary email | email | String | Yes |
| Job | job | String | No |
| Primary phone | primaryPhone | String | No |
| Mobile phone | mobilePhone | String | No |
| Language | Language | String | No |
| Team (previously Organization_Tree) | Team | String Array | Yes* |
| Role | Role | String Array | No* |

* required for IdP Authorization only

Notice

For manual changes that need to be performed within the SAML Identity Provider, for User and Team Attributes, when upgrading to CxSAST v9.x from v8.8\8.9, refer to Adapting the SAML Identity Provider Attributes when Upgrading CxSAST V8.8 or v8.9 to v9.0 or v9.2.

4. For those user attributes that haven’t yet been defined, click Add Attribute. The Add Attribute screen is displayed.

5. Define each user attribute according to the attribute definition table, above.

6. Click the Save and Add Another option to add the other user attributes accordingly.

Mapping User Attributes to the SAML Service Provider (Access Control)

To map user attributes to the SAML service provider, do the following:

1. Click Applications. The Application screen is displayed.

2. Select the Application that you created and click the General tab. The General screen is displayed.

3. In the SAML Settings section, click <Edit>. The SAML Integration - General Settings screen is displayed.

4. Click <Next>. The SAML Integration - SAML Settings screen is displayed.

5. From the Attribute Statements (optional) section, define and add the following user attributes:

| Name | Name Format | Value | Authentication Method |
|---|---|---|---|
| First_Name* | Basic | user.firstName | Manual and IdP Authentication |
| Last_Name* | Basic | user.lastName | Manual and IdP Authentication |
| Email* | Basic | user.email | Manual and IdP Authentication |
| Job | Basic | user.job | Manual and IdP Authentication |
| Phone | Basic | user.primaryPhone | Manual and IdP Authentication |
| Cell_Phone | Basic | user.mobilePhone | Manual and IdP Authentication |
| Language | Basic | user.language | Manual and IdP Authentication |
| Team* (previously Organization_Tree) | Basic | user.Team | IdP Authentication only |
| Role | Basic | user.Role | IdP Authentication only |

*First_Name, Last_Name, Email and Team attributes are mandatory. The remaining user attributes are optional.

Notice

For manual changes that need to be performed within the SAML Identity Provider, for User and Team Attributes, when upgrading to CxSAST v9.x from v8.8\8.9, refer to Adapting the SAML Identity Provider Attributes when Upgrading CxSAST V8.8 or v8.9 to v9.0 or v9.2.

6. Once complete, click <Next>, select I’m a Software Vendor. I’d like to integrate my App with OKTA and then click <Finish>. To add additional user attribute fields, click <Add Another>.

Adding User Attributes to a Specific User

1. Click Directory and select People. The People screen is displayed.

2. Click Person & User Name. The selected User’s Profile screen is displayed.

3. Click the Profile tab. The Profile screen is displayed.

4. Click <Edit>.

5. Once the Attribute fields become available for editing, enter description information for each of the following user attributes:

| Attributes | Description |
|---|---|
| First name | User’s first name (e.g., David) |
| Last name | User’s family name (e.g., Press) |
| Primary email | Primary email (e.g., [email protected]) |
| Job | Job title (e.g., Software Engineer) |
| Primary phone | Primary contact telephone number (e.g., 77523632562) |
| Mobile phone | Contact mobile number (e.g., 052563256214) |
| Language | User’s preferred language: |
| | • en-US (English – US) |
| | • zh-TW (Chinese - Traditional, Taiwan) |
| | • jp-JP (Japanese – Japan) |
| | • ko-KR (Korean – Korea) |
| | • zh-CHS (Chinese - Simplified) |
| Team (previously Organization_Tree) | User's team(s). Each user can be assigned to multiple teams. A ‘String Array’ type should be defined for the Team attribute. Each team assignment requires an additional sub-attribute: |
| | Team=/CxServer/Team1 |
| | /CxServer/Team2 |
| | /CxServer/Team3 |
| Role | User's role(s). Each user can be assigned to multiple roles. A ‘String Array’ type must be defined for the Role attribute. Each role assignment requires an additional sub-attribute: |
| | Role=Scanner |
| | Reviewer |
| | User Manager |

Notice

For manual changes that need to be performed within the SAML Identity Provider, for User and Team Attributes, when upgrading to CxSAST v9.x from v8.8\8.9, refer to Adapting the SAML Identity Provider Attributes when Upgrading CxSAST V8.8 or v8.9 to v9.0 or v9.2.

6. Click <Save> to save the changes.
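
The following is an added example, not part of the original documentation or of OKTA's or Checkmarx's own code. It checks the AttributeStatement of a SAML assertion against the mapping tables above: mandatory attributes present, Name Format set to Basic, and Team sent as one value per team rather than a single joined string. The sample assertions, the function names and the path-shape rule for Team values are assumptions made for illustration, and the check covers attribute shape only, not signature validation.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"  # "Basic" name format
MANDATORY = ("First_Name", "Last_Name", "Email", "Team")  # from the mapping table

def attr(name, *values, fmt=BASIC):
    """Build one <saml:Attribute> element (used only for the constructed samples)."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}" NameFormat="{fmt}">{vals}</saml:Attribute>'

def statement(*attrs):
    body = "".join(attrs)
    return f'<saml:AttributeStatement xmlns:saml="{SAML_NS}">{body}</saml:AttributeStatement>'

# Constructed samples: a correct mapping, and one with Email unmapped and Team
# sent as a single joined string instead of a String Array.
GOOD = statement(attr("First_Name", "David"), attr("Last_Name", "Press"),
                 attr("Email", "david.press@example.com"),
                 attr("Team", "/CxServer/Team1", "/CxServer/Team2"),
                 attr("Role", "Scanner", "Reviewer"))
BAD = statement(attr("First_Name", "David"), attr("Last_Name", "Press"),
                attr("Team", "/CxServer/Team1,/CxServer/Team2"))

def check_attribute_statement(xml_text, idp_authorization=True):
    """Return a list of problems; an empty list means the mapping looks right."""
    # ElementTree is fine for an assertion from your own IdP; use a hardened
    # parser for XML from an untrusted source.
    root = ET.fromstring(xml_text)
    found = {}
    for el in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in el.iter(f"{{{SAML_NS}}}AttributeValue")]
        found[el.get("Name")] = (el.get("NameFormat"), [v for v in values if v])
    problems = []
    for name in MANDATORY:
        if name == "Team" and not idp_authorization:
            continue  # Team is required for IdP Authorization only
        if not found.get(name, (None, []))[1]:
            problems.append(f"missing mandatory attribute: {name}")
    for name, (fmt, values) in found.items():
        if fmt != BASIC:
            problems.append(f"{name}: NameFormat is not Basic")
        if name == "Team":
            for v in values:
                # Assumption from the page's examples: one full path per value.
                if not v.startswith("/") or ",/" in v or ";/" in v:
                    problems.append(f"Team: expected one team path per value, got {v!r}")
    return problems

if __name__ == "__main__":
    print(check_attribute_statement(GOOD), check_attribute_statement(BAD), sep="\n")
```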