Skip to main content

Creating and Mapping User Attributes in OKTA

Although some user attributes are already defined in OKTA, additional user attributes will need to be created. First Name, Last Name. Email and Team are mandatory attributes. These user attributes may already be defined, but not mapped in OKTA.

Creating User Attributes in OKTA

To create user attributes in OKTA, do the following:

  1. Click Directory and select 2900230458.png Profile Editor. The OKTA Profile Editor screen is displayed.

    OKTA_3333.png
  2. Click <2899738992.png Profile> to edit the OKTA User. The OKTA Profile screen is displayed.

    OKTA_4444.png
  3. Confirm that the following user attributes are available:

    Notice

    For manual changes that need to be performed within the SAML Identity Provider, for User and Team Attributes, when upgrading to CxSAST v9.x from v8.8\8.9, refer to Adapting the SAML Identity Provider Attributes when Upgrading CxSAST V8.8 or v8.9 to v9.0 or v9.2

    Display Name

    Variable Name

    Data Type

    Mandatory?

    First name

    firstName

    String

    Yes

    Last name

    lastName

    String

    Yes

    Primary email

    email

    String

    Yes

    Job

    job

    String

    No

    Primary phone

    primaryPhone

    String

    No

    Mobile phone

    mobilePhone

    String

    No

    Language

    Language

    String

    No

    Team (previously Organization_Tree)

    Team

    String Array

    Yes

    required for IdP Authorization only

    Role

    Role

    String Array

    No

    required for IdP Authorization only

  4. For those user attributes that haven’t yet been defined, click Add Attribute. The Add Attribute screen is displayed.

    OKTA_5555.png
  5. Define each user attribute according to the attribute definition table, above.

  6. Click the Save and Add Another option to add other user attribute accordingly.

Mapping User Attributes to the SAML Service Provider (Access Control)

To map user attributes to the SAML service provider, doe the following:

  1. Click Applications. The Application screen is displayed.

    OKTA_6666.png
  2. Select on the Application that you created and click the General tab. The General screen is displayed.

    OKTA_7777.png
  3. In the SAML Settings section, click <Edit>. The SAML Integration - General Settings screen is displayed.

    OKTA_8888.png
  4. Click <Next>. The SAML Integration - SAML Settings screen is displayed.

    OKTA_9999.png
  5. From the Attribute Statements (optional) section, define and add the user attributes outlined in the table below.

  6. Once completed, click <Next>, select I’m a Software Vendor. I’d like to integrate my App with OKTA and then click <Finish>. To add additional user attribute fields, click <Add Another>.

Name

Name Format

Value

Authentication Method

First_Name*

Basic

user.firstName

Manual and IdP Authentication

Last_Name*

Basic

user.lastName

Manual and IdP Authentication

Email*

Basic

user.email

Manual and IdP Authentication

Job

Basic

user.job

Manual and IdP Authentication

Phone

Basic

user.primaryPhone

Manual and IdP Authentication

Cell_Phone

Basic

user.mobilePhone

Manual and IdP Authentication

Language

Basic

user.language

Manual and IdP Authentication

Team* (previously Organization_Tree)

Basic

user.Team

IdP Authentication only

Role

Basic

user.Role

IdP Authentication only

*First_Name, Last_Name, Email and Team attributes are mandatory. The remaining user attributes are optional.

Notice

For manual changes that need to be performed within the SAML Identity Provider, for User and Team Attributes, when upgrading to CxSAST v9.x from v8.8\8.9, refer to Adapting the SAML Identity Provider Attributes when Upgrading CxSAST V8.8 or v8.9 to v9.0 or v9.2.

Adding User Attributes to a Specific User

To add user attibutes to a specific user, do the following:

  1. Click Directory and select People. The People screen is displayed.

    OKTA_10101010.png
  2. Click Person & User Name. The selected User’s Profile screen is displayed.

    OKTA_11111111.png
  3. Click the Profile tab. The Profile screen is displayed.

    OKTA_12121212.png
  4. Click <Edit>.

  5. Once the Attribute fields become available for editing, enter description information for each of the user attributes outlined in the table below.

  6. Once completed, click <Save> to save the changes.

Attributes

Description

First name

User’s first name (e.g., David)

Last name

User’s family name (e.g., Press)

Primary email

Primary email (e.g., david.press@check.com)

Job

Job title (e.g., Software Engineer)

Primary phone

Primary contact telephone number (e.g., 77523632562)

Mobile phone

Contact mobile number (e.g., 052563256214)

Language

User’s preferred language:

  • en-US (English – US)

  • zh-TW (Chinese - Traditional, Taiwan)

  • jp-JP (Japanese – Japan)

  • ko-KR (Korean – Korea)

  • zh-CHS (Chinese - Simplified)

Team (previously Organization_Tree)

User's team(s). Each user can be assigned to multiple teams. A ‘String Array’ type should be defined for Team attribute. Each team assignment requires an additional sub-attribute:

Team=/CxServer/Team1

/CxServer/Team2

/CxServer/Team3

Role

User's roles(s). Each user can be assigned to multiple roles. A ‘String Array’ type must be defined for the Role attribute. Each role assignment requires an additional sub-attribute:

Role=Scanner

Reviewer

User Manager

Notice

For manual changes that need to be performed within the SAML Identity Provider, for User and Team Attributes, when upgrading to CxSAST v9.x from v8.8\8.9, refer to Adapting the SAML Identity Provider Attributes when Upgrading CxSAST V8.8 or v8.9 to v9.0 or v9.2.