Hello,
I have question about how to map a field for the OKTA → SCIM direction for the primary value for email. The SCIM 2 Test App (Header Auth) has the following fields defined on the SCIM side:
Display name: Primary email Type
Variable name: emailType
External name: emails.[1].type
External namespace: urn:ietf:params:scim:schemas:core:2.0:User
Display name: Primary email
Variable name: email
Exernal name: emails.[2].value
External namespace: urn:ietf:params:scim:schemas:core:2.0:User
And the mappings from OKTA profile to SCIM:
(user.email != null && user.email != ‘’) ? ‘work’ : ‘’ mapped to emailType
user.email mapped to email
Instead of this, what we would like is to define a custom field on OKTA profile that user can set that specifies which of the email types is to be primary:
Display name: Primary Email Type
Variable name: user.primaryEmailType
Enum: on
Attribute members:
Display name: Work Value: work
Display name: Personal Value: personal
Display name: Alternate Email 1 Value: alternate1
Display name: Alternate Email 2 Value: alternate2
We have 2 custom fields in OKTA user profile for alternateEmail1 and alternateEmail2.
We have 4 fields in our SCIM profile:
Display name: Work Email
Variable name: workEmail
External name: emails.[3].value
External namespace: urn:ietf:params:scim:schemas:core:2.0:User
Display name: Personal Email
Variable name: personalEmail
External name: emails.[4].value
External namespace: urn:ietf:params:scim:schemas:core:2.0:User
Display name: Alternate Email 1
Variable name: alternateEmail1
External name: emails.[5].value
External namespace: urn:ietf:params:scim:schemas:core:2.0:User
Display name: Alternate Email 2
Variable name: alternateEmail2
External name: emails.[6].value
External namespace: urn:ietf:params:scim:schemas:core:2.0:User
On the OKTA to SCIM mapping we have:
user.email mapped to workEmail
user.second mapped to personalEmail
user.alternateEmail1 mapped to alternateEmail1
user.alternateEmail2 mapped to alternateEmail2
Now we want to be able to define a field in SCIM and map it to our OKTA profile custom field user.primaryEmailType so that the primary=true gets set for right email type when OKTA does an update from OKTA to SCIM.
In other words we want to set things up such that if user sets their primaryEmailType in OKTA profile to personal then update will happen to user on SCIM side with emails part as for example:
“emails”:[
{
“type”:“work”,
“value”:“apicreateATabc.com”
},
{
“type”:“personal”,
“value”:personalATabc.com,
“primary”:true
},
{
"type":"alternate1",
"value":"alternate13ATabc.com"
},
{
"type":"alternate2",
"value":"alternate23ATabc.com"
}
],
And if user sets the primaryEmailType in OKTA profile to alternate1 then this:
“emails”:[
{
“type”:“work”,
“value”:“apicreate3ATabc.com”
},
{
“type”:“personal”,
“value”:personal3ATabc.com"
},
{
“type”:“alternate1”,
“value”:“alternate13ATabc.com”,
“primary”:true
},
{
“type”:“alternate2”,
“value”:“alternate23ATabc.com”
}
],
So question is how do we set this up as a field on SCIM profile and define mapping between our okta profile custom field primaryEmailType and SCIM field in order for this to happen.
Regards,
LT