Removing Profile Attribute Mapping via API

I am using the API (.NET SDK) to automate the creation of Identity Providers. Everything works as expected with the exception of profile attribute mapping.

I only want first name, last name, email and login to be mapped from the profile source to the Okta user, both on creation and any future login. By default, a bunch of other attributes are mapped, including things like nickname and street address.

I have tried explicitly limiting the properties to only those I want:

    Dictionary<string, ProfileMappingProperty> newProperties = [];

    newProperties.Add("firstName", new ProfileMappingProperty
    {
        Expression = "appuser.givenname",
        PushStatus = "PUSH"
    });

    newProperties.Add("lastName", new ProfileMappingProperty
    {
        Expression = "appuser.surname",
        PushStatus = "PUSH"
    });

    newProperties.Add("email", new ProfileMappingProperty
    {
        Expression = "appuser.email",
        PushStatus = "PUSH"
    });

    newProperties.Add("login", new ProfileMappingProperty
    {
        Expression = "appuser.email",
        PushStatus = "PUSH"
    });

    newProperties.Add("source", new ProfileMappingProperty
    {
        Expression = $"\"{idpName}\"",
        PushStatus = "PUSH"
    });

    ProfileMappingRequest request = new()
    {
        Properties = newProperties
    };

    await mappingClient.UpdateProfileMappingAsync(profileMappingId, request);
    Console.WriteLine("Profile Mapping updated");

And while this code doesn’t fail, it doesn’t remove the mappings not explicitly listed here.

I have also tried iterating through the existing properties and switching the PushStatus to DONT_PUSH for anything I don’t want, but this fails with an error about profile sources only supporting PUSH. Plus, I don’t think this is what I want anyway, as DONT_PUSH would still push the attribute on creation.

What I want, is the ability to mimic the UI, in which I can manually go through the mappings and specify “Do not map” for ones I don’t want. Any ideas how I achieve this via the API?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.