In Auth0, my Okta Integration is set to sync user profiles “On each Login”. In Okta the Auth0 Integration app has the following User Profile Mappings:
user.firstName→given_name
user.lastName→family_name
I assume that given the above settings, the mapped Okta user profile values should sync to the Auth0 user on each login. However, the firstName and lastName in the Okta profile never get updated to the Auth0 given_name and family_name. (Whereas the email, federated_groups, federated_zoneinfo, and federated_locale values DO get updated.)
I have tried adding the given_name and family_name to the settings in the Authentication→Enterprise→Okta Workforce→my connection→ user mapping as follows:
In general, it would depend on how the attributes are configured on the user’s profile (Okta side) and how they are sent from Okta to your Auth0 tenant; I recommend checking the mappings on the Okta side, as they might be sent as given_name and family_name, therefore you should map them as:
Thanks for your response. I tried the mappings in the Auth0 Okta Integration settings that you suggested. This threw the same error on the Auth0 log:
"description": "Error transforming template due to missing keys (2) from IdP context",
The closest I came to succeeding in a test was this mapping:
"given_name": "${context.tokenset.name}",
This actually inserts the Okta “name” into the Auth0 root as “given_name”, so the left-hand part of the mapping is correct but the right part (firstName, lastName) is not being found in the token. (Even when I include “given_name” or “family_name” in the right part of the mapping assignment.)
It seems clear to me that Okta is not including the firstName or the lastName in the token, although they are included in the mapping in the Okta Auth0 Integration application.
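An added diagnostic example, not part of any post in this thread and not Auth0 or Okta code: it decodes an ID token payload for inspection and lists which `${context.tokenset.<key>}` references in a mapping have no matching claim, which is the condition the "missing keys" log entry above describes. It assumes `context.tokenset` exposes the token's claims by name; the token, claim values, mapping and all function names are constructed for illustration.

```javascript
// Added diagnostic sketch (hypothetical helper names, constructed data).
// Decodes a JWT payload WITHOUT verifying the signature: inspection only,
// never use the result for an authorization decision.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Collect every ${context.tokenset.<key>} reference used in a mapping object.
function referencedKeys(mapping) {
  const re = /\$\{context\.tokenset\.([A-Za-z0-9_]+)\}/g;
  const keys = new Set();
  for (const template of Object.values(mapping)) {
    for (const m of String(template).matchAll(re)) keys.add(m[1]);
  }
  return [...keys];
}

// Keys the mapping needs that the token does not carry.
function missingKeys(mapping, claims) {
  return referencedKeys(mapping).filter((k) => !(k in claims));
}

// Build a constructed token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Constructed claims: "name" is present, given_name/family_name are not.
const sampleToken = makeSampleToken({
  sub: "00u-constructed",
  name: "Ada Example",
  email: "ada@example.test",
});

// Constructed mapping in the style quoted in the thread.
const sampleMapping = {
  given_name: "${context.tokenset.given_name}",
  family_name: "${context.tokenset.family_name}",
  name: "${context.tokenset.name}",
};

const claims = decodeJwtPayload(sampleToken);
console.log("claims present:", Object.keys(claims).join(", "));
console.log("mapping keys missing from token:", missingKeys(sampleMapping, claims).join(", "));
```

Running the same check against a real ID token captured from a test login shows whether the name claims reach Auth0 at all, before any further changes to the mapping.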
We are thrilled to announce that Express Configuration with Okta is now Generally Available for Auth0 applications in the Okta Integration Network!
This feature is designed to bridge the gap between your Auth0 application and your enterprise customers who use Okta, making integration faster and less error-prone.
Key Highlights
Frictionless Onboarding: We’ve automated the setup process for your enterprise customers. Express Configuration handles the OpenID Connect (OIDC) setup for Single Sign-On, eliminating the need for manual copy-pasting of Client IDs and secrets.
Automated Provisioning (SCIM): User lifecycle management just got easier. This feature automatically configures System for Cross-domain Identity Management (SCIM) for seamless user onboarding and offboarding.
Enhanced Security: We’ve included Global Token Revocation (GTR) to support centralized session management, enabling Universal Logout capabilities right out of the box.
Availability
This feature is available immediately in all public cloud environments. It will be rolled out to private cloud environments according to their standard release pipeline.
Resources
Ready to streamline your enterprise integrations? Check out the documentation below: