In Auth0, my Okta Integration is set to sync user profiles “On each Login”. In Okta the Auth0 Integration app has the following User Profile Mappings:
user.firstName→given_name
user.lastName→family_name
I assume that given the above settings, the mapped Okta user profile values should sync to the Auth0 user on each login. However, the firstName and lastName in the Okta profile never get updated to the Auth0 given_name and family_name. (Whereas the email, federated_groups, federated_zoneinfo, and federated_locale values DO get updated)
I have tried adding the given_name and family_name to the settings in the Authentication→Enterprise→Okta Workforce→my connection→ user mapping as follows:
In general, it would depend on how the attributes are configured on the user’s profile ( Okta side ) and how they are sent from Okta to your Auth0 tenant; I recommend checking the mappings on the Okta side, as they might sent as given_name and family_name, therefore you should map them as :
Thanks for your response. I tried the mappings in the Auth0 Okta Integration settings that you suggested. This threw the same error on the Auth0 log:
“description”: “Error transforming template due to missing keys (2) from IdP context”,
The closest I came to succeeding in a test was this mapping:
“given_name”: “${context.tokenset.name}”,
This actually inserts the Okta “name” into the Auth0 root as “given_name”, so the left hand part of the mapping is correct but the right part (firstName, lastName) is not being found in the token. (Even when I include “given_name” or family_name” in the right part of the mapping assignment.)
It seems clear to me that Okta is not including the firstName or the lastName in the token, although they are included in the mapping in the Okta Auth0 Integration application.