When G Suite users are provisioned in Okta, by default they do not have the “primary” attribute included in the organizations section of their properties. BetterCloud requires this attribute in order to properly ingest user data and run Workflows. Here is a comparison of what the organizations field looks like in the API response when retrieving a user's information with and without the necessary attribute:
Fortunately, Okta allows you to configure your mappings to include the primary attribute. You can do so using the steps outlined in this article.
Create a custom Okta attribute
- Navigate to Users > Profile Editor from the top menu
- Click “Profile” next to Okta:
- Add an attribute:
- Add a boolean attribute called “primary”:
If “Attribute Required” is set to “Yes”, you will be prompted to set this attribute whenever you create a user.
Please Note: You should not set the attribute to be required if you plan on creating Okta users in BetterCloud. BetterCloud does not currently support defining custom attributes when creating users, and attempting to create a user without a required attribute will always fail.
Add the Organizations Work Primary field to G Suite's attributes
- Select G Suite in your applications, available under Applications > Applications from the top menu:
- In the provisioning tab of the G Suite settings, at the bottom of the page, find "Edit Attributes":
- Select "Add Attribute":
- Find the Organizations Work Primary attribute:
Check the box next to it, and click "Save".
Map the custom Okta attribute to the G Suite attribute
- In the G Suite Profile Editor select “Map Attributes”:
This option is also available at the bottom of the provisioning tab for G Suite, under "Edit Mappings":
- In the Okta to G Suite tab, map your user.primary Okta attribute to the organizationsWorkPrimary G Suite attribute at the bottom of the page:
Set the custom Okta attribute to true when provisioning
You can provision in several ways in Okta, but regardless of the method you use, you should verify that the user has the custom “primary” attribute set to “true” in their Okta profile before assigning them to G Suite:
If you have made the Okta attribute a required attribute, you will be prompted to select it when creating a user individually:
The attribute will also be included in the bulk import spreadsheet once it has been configured:
This will allow you to set the attribute's value to “TRUE” when creating multiple users at once.
If you set your custom attribute to true during the provisioning process, it will automatically be mapped to the correct field in the user’s Google properties once you assign the Okta user to G Suite, allowing the user’s information to be properly displayed and acted upon in BetterCloud.
Please Note: While requiring the primary attribute may make it easier if you are provisioning users directly in Okta, you should not set the primary attribute to be required if you plan on creating Okta users using BetterCloud. BetterCloud does not currently support defining custom attributes when creating users, and attempting to create a user without a required attribute will always fail.