Starting off with the Okta Expression Language
(Level: Beginner)
What is the Okta Expression Language?
Okta’s Expression Language is based on SpEL (Spring Expression Language), which is a powerful expression language. The Expression Language allows you to get, transform, and combine attributes before they are stored within a user's Okta profile or before they are passed to an application.
Assumptions
- You are the Okta Admin with sufficient permission to manage/edit fields within the Profile Editor section of Okta
- Your organization has purchased the Universal Directory license
Okta User Profile
Every user created in or imported to Okta has an Okta User Profile. This serves as the central source of truth for a user’s core attributes. To reference a user’s attribute in Okta, you’ll need to reference “user” followed by the specified attribute. Specifically, you’ll want to reference the attribute's variable name.
To find a list of available attributes (variables), you can log into your Okta instance and navigate to
Directory > Profile Editor > Okta Profile
From here, you’ll be able to see each attribute's Display Name along with its Variable Name. You’ll need to reference the Variable Name to get the output to show.
For the example below, we’ll assume that we have a user called Ryan Howard (ryan.howard@ironcovesolutions.com). We’ll reference variable names listed in Okta to get an output.
When we use the user.department syntax, the output displayed is Null. This notifies us that the user's department is empty.
Important Note: Variable Names are case sensitive. Meaning that if you try to reference “firstname” you’ll receive an error message along the lines of “Invalid property firstname in expression.” As seen in the screenshot, the variable name for First Name is “firstName”.
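The two behaviours described above (a mis-cased variable name is rejected, and a valid but empty attribute comes back as Null) can be checked before an expression is pasted into a mapping. The following is an added example, not code from Okta or from this article: the function name check_expression, the sample profile and its four variable names are assumptions, and the check only looks at user.<name> references rather than parsing the full Expression Language.

```python
import re

# Constructed sample profile for the page's example user. The keys stand in for
# the Variable Names listed under Directory > Profile Editor > Okta Profile
# (assumption: replace them with the list from your own org).
SAMPLE_PROFILE = {
    "login": "ryan.howard@ironcovesolutions.com",
    "firstName": "Ryan",
    "lastName": "Howard",
    "department": None,  # empty in Okta, so user.department shows Null
}

# Matches user.<variableName>; a preceding word character or dot is excluded so
# that references such as appuser.title are not treated as Okta profile lookups.
USER_REF = re.compile(r"(?<![\w.])user\.([A-Za-z_]\w*)")
# Quoted string literals are blanked out first so their contents are ignored.
STRING_LITERAL = re.compile(r"\"[^\"]*\"|'[^']*'")


def check_expression(expression, profile):
    """Return (kind, name, detail) findings for each user.<name> reference."""
    by_lower = {name.lower(): name for name in profile}
    findings, seen = [], set()
    for name in USER_REF.findall(STRING_LITERAL.sub('""', expression)):
        if name in seen:
            continue
        seen.add(name)
        if name not in profile:
            # Variable Names are case sensitive: if the reference differs only
            # by case, point at the exact spelling the Profile Editor shows.
            exact = by_lower.get(name.lower())
            detail = f"did you mean user.{exact}?" if exact else "no such variable name"
            findings.append(("invalid", name, detail))
        elif profile[name] is None:
            # Valid name, but nothing would be passed on for this user.
            findings.append(("null", name, "attribute is empty for this user"))
    return findings


if __name__ == "__main__":
    for expr in ("user.firstName", "user.firstname", "user.department",
                 'user.firstname + "." + user.lastName + user.nickname'):
        print(expr, "->", check_expression(expr, SAMPLE_PROFILE) or "ok")
```

A "null" finding is worth reviewing whenever the attribute feeds a downstream application, because the empty value is what gets passed along.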
Application User Profile
All Okta users have their own application user profiles for each of their assigned applications.
Application user profiles are used to store application specific information such as their application username or role. To view application specific attributes, you will need to log into Okta and navigate to:
Directory > Profile Editor > select the Application that you want to work with
Important Note: The attributes you see are dependent on the provisioning type you select from the Provisioning tab of the Application (see screenshot below).
These attributes can be used to push information to other applications or even the Okta Profile.
For example, let us assume that we have a user named Ryan Howard, whose application data existed within Active Directory (AD). We would first want to ensure that the data is imported to Okta. Once that is completed, you can use the following syntax to call attributes stored in AD.
Important Note: You can view a list of attributes by navigating to:
Directories > Profile Editor > Directories > Active Directory
If the attributes are filled out within AD and are being synced to Okta, we should be able to use the examples listed above to push data to other applications such as Office 365. This can be checked using the Profile Editor under Mapping from Okta to Office 365.
For example, let's say you were trying to map a user's AD title attribute or department attribute to Office 365. You would go to the Profile Editor and locate Office 365. Within the Okta to Office 365 tab, you would locate the attributes (title and department) and enter the correct syntax listed in the table above.
Clicking the Preview button at the bottom of the screen will enable you to see whether the attribute is being "pulled" from AD and "pushed" to Office 365 correctly.
Using the Okta Expression Language can be confusing at first, but if used effectively it can also be very powerful!
For more information about ALM (Attribute Level Mastering) or the Okta Expression Language, feel free to give us a toll-free call at (888) 959-2825, and we will be happy to assist you and your organization with everything Okta related.