Okta profile firstName and lastName do not sync to Raw JSON of Okta-managed Auth0 users

In Auth0, my Okta Integration is set to sync user profiles “On each Login”. In Okta the Auth0 Integration app has the following User Profile Mappings:

user.firstName→given_name

user.lastName→family_name

I assume that given the above settings, the mapped Okta user profile values should sync to the Auth0 user on each login. However, the firstName and lastName in the Okta profile never get updated to the Auth0 given_name and family_name. (Whereas the email, federated_groups, federated_zoneinfo, and federated_locale values DO get updated)

I have tried adding the given_name and family_name to the settings in the Authentication→Enterprise→Okta Workforce→my connection→ user mapping as follows:

{
  "attributes": {
    "name": "${context.tokenset.name}",
    "email": "${context.tokenset.email}",
    "username": "${context.tokenset.preferred_username}",
    "given_name": "${context.tokenset.firstName}",
    "family_name": "${context.tokenset.lastName}",
    "federated_groups": "${context.userinfo.groups}",
    "federated_locale": "${context.userinfo.locale}",
    "federated_zoneinfo": "${context.userinfo.zoneinfo}"
  },
  "mapping_mode": "use_map",
  "userinfo_scope": "openid email profile groups"
}

This did not add the given_name and family_name to my Okta workforce users “Raw JSON”.

How can I get the Okta profile values to sync to the Okta-managed Auth0 user on every login?

Hi @kpaynter

Thank you for reaching out to us!

In general, it would depend on how the attributes are configured on the user’s profile (Okta side) and how they are sent from Okta to your Auth0 tenant; I recommend checking the mappings on the Okta side, as they might be sent as given_name and family_name, therefore you should map them as:

"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}"

If you do not observe any changes, check if the attributes are present in the token sent from Okta, as that could also be a root cause of the issue.

Looking forward to your update and findings.

Wishing you a great weekend!
Gerald

Hello Gerald,

Thanks for your response. I tried the mappings in the Auth0 Okta Integration settings that you suggested. This threw the same error on the Auth0 log:

"description": "Error transforming template due to missing keys (2) from IdP context",

The closest I came to succeeding in a test was this mapping:

"given_name": "${context.tokenset.name}",

This actually inserts the Okta “name” into the Auth0 root as “given_name”, so the left-hand part of the mapping is correct but the right part (firstName, lastName) is not being found in the token. (Even when I include “given_name” or “family_name” in the right part of the mapping assignment.)

It seems clear to me that Okta is not including the firstName or the lastName in the token, although they are included in the mapping in the Okta Auth0 Integration application.

Could you help me find where and how Okta decides what to include in the token?

I got this to work with these mappings in the Auth0 Okta Integration settings.

[image]

Thanks so much for your help.
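
The check suggested in the reply above, whether the keys a mapping references are actually present in what the IdP sent, can be run offline before changing the connection. The following is an added example, not code from the thread or from Auth0; it assumes context.tokenset holds the ID token claims and context.userinfo holds the userinfo response, and the token, userinfo values and function names are constructed for illustration.

```python
import base64
import json
import re

# ${context.<source>.<key>} placeholders as written in the connection mapping
PLACEHOLDER = re.compile(r"\$\{context\.(tokenset|userinfo)\.(\w+)\}")


def b64url(data: dict) -> str:
    raw = json.dumps(data).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_payload(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def missing_keys(mapping: dict, context: dict) -> list:
    """List (attribute, source, key) for placeholders the context cannot fill."""
    return [
        (attr, source, key)
        for attr, template in mapping["attributes"].items()
        for source, key in PLACEHOLDER.findall(template)
        if key not in context.get(source, {})
    ]


# Constructed sample data (not from a real tenant): an ID token without name parts.
ID_TOKEN = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"name": "Pat Example", "email": "pat@example.com",
            "preferred_username": "pat@example.com"}),
    "constructed-signature",
])
USERINFO = {"groups": ["Everyone"], "locale": "en_US", "zoneinfo": "America/Chicago"}
CONTEXT = {"tokenset": decode_jwt_payload(ID_TOKEN), "userinfo": USERINFO}

# The mapping from the question, reduced to the attributes under discussion.
MAPPING = {"attributes": {
    "name": "${context.tokenset.name}",
    "given_name": "${context.tokenset.firstName}",
    "family_name": "${context.tokenset.lastName}",
    "federated_groups": "${context.userinfo.groups}",
}}

if __name__ == "__main__":
    for attr, source, key in missing_keys(MAPPING, CONTEXT):
        print(f"{attr}: context.{source}.{key} is not present")
```

Because the payload is decoded without signature verification, use this only to inspect a token you captured yourself, never to make an authorization decision.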