On this page
User profiles
A user profile in Okta is the data record where user information is stored. A typical user profile contains information, or attributes, such as a user’s first name, last name, username, and email address. Users can be employees, customers, partners, or end-users of apps.
The default Okta user profile has 31 user attributes, which you can customize based on client requirements. You can add other custom attributes to the user profile to support most client user needs. Custom profile attribute types enable you to customize the user experience even more, based on your org and app needs.
You can manage user profile design and customization for your org, and individual user updates, from the Admin Console or using specific APIs.
See also Users, Groups, and Profiles (opens new window).
What is the Okta Universal Directory
The Okta Universal Directory is the service that stores all the information on your users (user profiles) for your organization. Depending on the setup for your org, Universal Directory can serve as the "single-source-of-truth" for your users.
Also, Universal Directory holds app user profiles that define the attributes that apps require from individual users. For example, one app might only need to know the user’s name as one string (for example, "John Doe"). Another app might require that the user’s first and last names be separate (for example, "John" and "Doe"). Furthermore, some apps might store sensitive information, like a user’s address, while other apps don’t. If you share the same user profile with each app, both apps can access data they don't need or aren't authorized to view. With Universal Directory, you can be sure that each app only gets the data it needs.
Universal Directory has a single Okta user profile for every user and an app user profile for each app. The user profile is the primary place to store all user information, and the app user profile is where app-specific information is stored.
You can manage the User profiles in Universal Directory from the Admin Console or use the User API.
You can manage the Apps user profiles in Universal Directory from the Admin Console or use the Apps API.
User mappings
In addition to storing user profiles and app user profiles, Universal Directory maps data from one profile to another. This keeps data synchronized between all of your apps. For example, you can store a user’s first and last name in the user profile and map that data to an app user profile. A single change to a field in a User Profile is reflected in all the apps that map to that field.
See also About attribute mappings (opens new window)
You can manage the Universal Directory mappings between profiles using the Admin Console or the Profile Mappings API (opens new window).
User Profile types
Okta has two basic user profile types that define a user in the Universal Directory: Okta user profile type and app user profile type. The Okta user profile type is further composed of Group profile types and Custom profile types.
See About profile types (opens new window) and About custom user types in Universal Directory (opens new window)
Okta user profile type
The Okta user profile type defines the default user record used in the Universal Directory. The default user profile contains 31 attributes in accordance with the RFC System for Cross-domain Identity Management: Core Schema (opens new window) and can also be extended with custom attributes. To manage the default user profile, use the Users API, and review the Profile object and the User object for further information.
Group profile type
Okta groups simplify management of multiple users of the same type. See About groups (opens new window). The Group profile itself consists of attributes, and can be defined and managed with the Groups API. See the Group object and Group attributes.
Custom profile type
The custom user profile type is based on the Okta user profile type. It defines different types of users, like admins, contractors, and help desk. Similar to the default Okta profile, the custom user profile type contains 31 attributes and you can extend it with custom attributes. See About custom user types in Universal Directory (opens new window).
The User Types API defines and manages the custom profile types.
User profiles can only belong to one user profile type. The User object property type
defines the custom user profile (or default profile) that the user is associated with.
Note: The default Profile object property
userType
is a user profile attribute and isn’t a reference to the default or custom profile type.
App user profile type
The app user profile type defines the attributes available for a user of that app in the Universal Directory. The app user profile attributes are mapped to the user profile and determine the data that you can send to or import from an app. Similar to user profiles, the app user profile has base attributes and custom attributes.
The available custom attributes, however, are determined by the app. You can manage the app user profile type with the Apps API. Review the Application User Profile object and the Application User object for further details.
Universal Directory schemas
You can store many different types of data in a user profile such as strings, numbers, dates, lists. A schema is a description of what type of information is stored in a user profile. Each element in a schema is known as an "attribute" and each attribute has the following metadata or properties:
- Data type: What kind of data is being stored. Examples include, string, number, and Boolean.
- Display name: A human readable label to be used in User Interfaces
- Variable name: The machine-readable identifier for the attribute
- Description: A more in-depth description of what the attribute is for
- Enum: If the attribute value comes from a fixed list of choices
- Attribute Length: How long the value can be, as appropriate for the attribute’s data type
- Attribute required: If an attribute is required, Okta gives an error if the attribute isn’t included.
Schemas define every user profile type: Okta default user profile, custom user profiles, group user profiles, and app user profiles. The Schemas API (opens new window) manages operations for all user profiles. See User Schema object (opens new window), App User Schema object (opens new window), and Group Schema object (opens new window).