can i get custom Okta profile fields in external IdP scenario?

https://zitadel.com/docs/guides/integrate/identity-providers/additional-information

Automatically pre-fill user data

3 Replies

Hi @kappapilla, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer Yes, you can access custom Okta profile fields in ZITADEL's external IdP scenario using Actions (1) (2) (3) . The documented examples show how to access standard fields like name and email from Okta . For custom fields, you can access any additional claims or attributes that Okta provides through the ctx.v1.providerInfo object in your Action . Here's the example Action for Okta OIDC that shows the basic pattern:

/**  
 * Set first and lastname of a user on just in time provisioning for okta.  
 * Useful if you like to fill the first and lastname with the name stored on okta, so the user doesn't have to fill himself.  
 * Also set email to verified, so the user doesn't get a verification email  
 *  
 * Flow: External Authentication, Trigger: Post Authentication  
 *  
 * @param ctx  
 * @param api  
 */  
let logger = require("zitadel/log")  
  
function mapOktaOauth(ctx, api) {  
 logger.log('Populating extra information for new Okta user') ;  
  
 if (ctx.v1.externalUser.externalIdpId != "your-idp-id") {  
 return  
 }  
 api.setFirstName(ctx.v1.providerInfo.name) ;  
 api.setLastName(ctx.v1.providerInfo.name) ;  
 api.setEmailVerified(true)  
 api.setEmail(ctx.v1.providerInfo.email)  
 api.setPreferredUsername(ctx.v1.providerInfo.preferred_username)  
}

/**  
 * Set first and lastname of a user on just in time provisioning for okta.  
 * Useful if you like to fill the first and lastname with the name stored on okta, so the user doesn't have to fill himself.  
 * Also set email to verified, so the user doesn't get a verification email  
 *  
 * Flow: External Authentication, Trigger: Post Authentication  
 *  
 * @param ctx  
 * @param api  
 */  
let logger = require("zitadel/log")  
  
function mapOktaOauth(ctx, api) {  
 logger.log('Populating extra information for new Okta user') ;  
  
 if (ctx.v1.externalUser.externalIdpId != "your-idp-id") {  
 return  
 }  
 api.setFirstName(ctx.v1.providerInfo.name) ;  
 api.setLastName(ctx.v1.providerInfo.name) ;  
 api.setEmailVerified(true)  
 api.setEmail(ctx.v1.providerInfo.email)  
 api.setPreferredUsername(ctx.v1.providerInfo.preferred_username)  
}

To access custom Okta fields, you would extend this pattern by accessing additional properties from ctx.v1.providerInfo and potentially storing them as user metadata using the metadata API methods available in Actions (1) (2) . You can also access custom claims through ctx.getClaim('claim_name') for generic OIDC providers (2) . To learn more, see the sources I considered: [1] Profile Pre-filling from External IdP [2] Code examples [3] Configure OKTA as an OIDC Identity Provider in ZITADEL Feel free to tag @Ask Inkeep with additional questions.

kappapillaOP•2w ago

can i access custom fields in post authentication with this? also, if custom field updates does it overwrite?

ctx.v1.providerInfo.custom

ctx.v1.providerInfo.custom

Ask Inkeep•2w ago

Got it. Tagging @Rajat for additional help.

can i get custom Okta profile fields in external IdP scenario?

Did you find this page helpful?