Custom user metadata when profile is sourced from external IDP

I want to define custom metadata fields for my users in Okta. I created custom attributes in Okta profiles and confirmed I can update them, however since many of my users are federated from an external IDP and we are sourcing their profile from the external IDP, it will not let me write to the custom attributes I created for these users. I know I could disable the sourcing of the profile from the external IDP, but then I risk my profile information for these users going out of date.

Is there a way for me to define and add data to custom metadata fields for Okta users that were JIT created and have their profile sourced from some external source?

To clarify, when I try to modify one of these custom attributes for a user that was externally sourced, I get a Okta 403 (Operation failed because user profile is mastered under another system) error.


In the profile editor (Directory > Profile Editor) you can provide some type of default mapping from the external IdP profile to the Okta user profile for this custom attribute.

  • If hard coded this value will be used for all users of this IdP.
  • You can also create an expression that pulls it from an attribute passed by the external IdP.

If the above does not give enough control I would suggest to open a case with the Okta support team try the forum here that supports more of the profile management type of issues.


Thanks for responding, but that solution doesnt solve my issue. I need a field that is not hardcoded and that only my internal services can edit, not my external customers. I will ask this question in the forum you suggested