I am using the API (.NET SDK) to automate the creation of Identity Providers. Everything works as expected with the exception of profile attribute mapping.
I only want first name, last name, email and login to be mapped from the profile source to the Okta user, both on creation and any future login. By default, a bunch of other attributes are mapped, including things like nickname and street address.
I have tried explicitly limiting the properties to only those I want:
```csharp
Dictionary<string, ProfileMappingProperty> newProperties = [];
newProperties.Add("firstName", new ProfileMappingProperty
{
    Expression = "appuser.givenname",
    PushStatus = "PUSH"
});
newProperties.Add("lastName", new ProfileMappingProperty
{
    Expression = "appuser.surname",
    PushStatus = "PUSH"
});
newProperties.Add("email", new ProfileMappingProperty
{
    Expression = "appuser.email",
    PushStatus = "PUSH"
});
newProperties.Add("login", new ProfileMappingProperty
{
    Expression = "appuser.email",
    PushStatus = "PUSH"
});
newProperties.Add("source", new ProfileMappingProperty
{
    Expression = $"\"{idpName}\"",
    PushStatus = "PUSH"
});

ProfileMappingRequest request = new()
{
    Properties = newProperties
};

await mappingClient.UpdateProfileMappingAsync(profileMappingId, request);
Console.WriteLine("Profile Mapping updated");
```
And while this code doesn’t fail, it doesn’t remove the mappings not explicitly listed here.
I have also tried iterating through the existing properties and switching the PushStatus to DONT_PUSH for anything I don’t want, but this fails with an error about profile sources only supporting PUSH. Plus, I don’t think this is what I want anyway, as DONT_PUSH would still push the attribute on creation.
What I want is the ability to mimic the UI, in which I can manually go through the mappings and specify “Do not map” for ones I don’t want. Any ideas how I achieve this via the API?