Google OIDC Attribute Mapping

I’ve created an IDP for Google using the following scopes:

openid
profile
email
https://www.googleapis.com/auth/admin.directory.group

And I expected to be able to map the attribute from admin.directory.group to a field for the General Profile, but when I go to add a custom attribute it does not show as an option. Am I missing something?

On the Identity Providers page, if you click on Configure → Edit Profile and Mappings, did you create a custom attribute to map to the claim returned by that scope? I believe the “External name” needs to match the name of the claim in the ID token.


I think this is the issue I’m experiencing. I don’t see it as an option, or is this the wrong area?

Looks like when you use the Google social identity provider you’re stuck with a limited list of attributes.

You can try setting up a generic OIDC identity provider which will allow you to add custom attributes.
https://developer.okta.com/docs/guides/add-an-external-idp/openidconnect/configure-idp-in-okta/

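Added example, not part of the thread and not Okta's or Google's code: a small Python helper that decodes an ID token payload and reports which intended "External name" values actually exist as claims, following the advice above that the external name must match the claim name. The token, its claim values and the `groups` mapping name are constructed for illustration, and the signature is deliberately not verified, so use it for inspection only.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Encode bytes as unpadded base64url, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(id_token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    Inspection aid only: never make an authorization decision on the result.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def check_mappings(id_token: str, external_names: list) -> dict:
    """Map each intended external name to whether a claim with that exact,
    case-sensitive name is present in the token."""
    claims = decode_claims(id_token)
    return {name: name in claims for name in external_names}


# Constructed sample: a token carrying only profile/email style claims.
SAMPLE_CLAIMS = {
    "iss": "https://accounts.google.com", "sub": "1234567890",
    "email": "user@example.com", "email_verified": True,
    "name": "Example User", "hd": "example.com",
}
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url(b"constructed-signature"),
])

if __name__ == "__main__":
    wanted = ["email", "Email", "hd", "groups"]  # hypothetical mapping names
    for name, present in check_mappings(SAMPLE_TOKEN, wanted).items():
        print(f"{name:8} {'present' if present else 'MISSING from token'}")
```

A name reported as missing cannot be populated by a profile mapping, no matter which scopes were requested, because the mapping has no claim to read from.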

Thanks, this gives me the flexibility that I was looking for, so now it looks like I need to start digging into a way to map values to the userinfo endpoint from Google into the Okta User Profile. Specifically, I’m looking into trying to get Roles and Groups. If anyone has information, I would appreciate it.
