In Workspace ONE Access, you might have configured additional attributes and would like to populate those attributes from your source of truth such as Okta.
Perhaps it's a single attribute:
Or maybe you have many attributes:
When these attributes are created in Workspace ONE Access, they are created in a custom schema. The schema is in the following format:
urn:scim:schemas:extension:workspace:tenant:TENANT:1.0
The TENANT will be replaced by your actual tenant name, such as "urn:scim:schemas:extension:workspace:tenant:dsas:1.0".
If you are unsure, I recommend you use Postman to query the user with the GET API, i.e. {{tenant_url}}/SAAS/jersey/manager/api/scim/Users?filter=userName%20eq%20%22steve%22
Here is a sample from Postman that I'll use as my guideline. Note: this step is not required, but I will use it to demonstrate my approach.
Now that we know how attributes are stored in Workspace ONE Access, let's configure Okta to send these attributes.
- Open the Workspace ONE Application in Okta
- Click on the Provisioning Tab
- Click on "Go to Profile Editor"
- Click Add Attribute
- Enter the Display Name, Variable Name and External Name exactly as the attribute was created in WS1 Access (i.e. objectGUID).
- Enter the custom schema as we noted above. Make sure your tenant name is included correctly.
- Check the "User personal" checkbox under Scope
- Click Save
- Repeat this process for all the attributes you want to provision.
- Click on Mappings
- Click on the Okta User to VMware Workspace ONE Tab (Note: My image below is slightly different as I've renamed my application)
- Select the correct attribute to map. In my environment, I'm mapping the ExternalID to the objectGUID
Note: You can get the AD objectGUID using: findDirectoryUser().externalId
- Click Save Mappings
- Click Apply Updates Now
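Before applying updates, the External Name and custom schema entered in the Profile Editor can be checked against a user returned by the GET query. The following is an added example, not part of the original post or either product; the user record is constructed, and its shape (custom attributes as an object keyed by the tenant schema URN) is an assumption.

```python
import re

# Custom schema URN format from the post; the capture group is the tenant name.
EXT_URN = re.compile(r"^urn:scim:schemas:extension:workspace:tenant:([^:]+):1\.0$")

# Constructed sample user (not real output). Assumption: custom attributes appear
# as an object keyed by the tenant schema URN.
SAMPLE_USER = {
    "userName": "steve",
    "urn:scim:schemas:extension:workspace:tenant:dsas:1.0": {
        "objectGUID": "constructed-guid-0001",
        "costCenter": "constructed-cc",
    },
}


def custom_attributes(user):
    """Map each tenant extension schema URN on the user to its attribute names."""
    return {k: sorted(v) for k, v in user.items()
            if EXT_URN.match(k) and isinstance(v, dict)}


def check_okta_attribute(user, external_name, external_namespace):
    """Return problems with one Okta attribute definition; empty list means OK."""
    if not EXT_URN.match(external_namespace):
        return ["namespace is not in the tenant schema format"]
    schemas = custom_attributes(user)
    if external_namespace not in schemas:
        tenants = sorted(EXT_URN.match(k).group(1) for k in schemas)
        return [f"namespace not on user; tenants seen: {tenants}"]
    names = schemas[external_namespace]
    if external_name in names:
        return []
    # Same letters but different case: the usual reason a mapping stays empty.
    near = [n for n in names if n.lower() == external_name.lower()]
    if near:
        return [f"case mismatch: Access has {near[0]!r}"]
    return [f"attribute not found; Access has {names}"]


if __name__ == "__main__":
    ns = "urn:scim:schemas:extension:workspace:tenant:dsas:1.0"
    for name in ("objectGUID", "objectGuid", "department"):
        print(name, check_okta_attribute(SAMPLE_USER, name, ns) or "OK")
```

An attribute that has no value for the queried user may be missing from the response, so run the check against a user who has the attribute populated.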