How to configure and get custom attribute in okta with saml2.0

I am using Okta as IdP in my application. I want to configure a custom attribute, e.g. ID; how can this be done in Okta, and how do I set those values in Okta?

Asked Dec 18 '22 12:12 by user3773610


2 Answers

Here's the procedure to add custom attributes to Okta's SAML assertion:

  1. From your Okta organization's dashboard go to Admin -> Directory -> Profile Editor
  2. In the "Okta" profile, select the "Profile" button

[Screenshot: Profile Editor]

  3. Identify the "Variable Name" (not the "Display Name") value of the user attribute you'd like to add. For example, let's try to add the "title" attribute.

[Screenshot: attribute variable name]

  4. Navigate to the "Applications" tab and select the SAML app you would like to add this custom attribute to.
  5. Select the "General" tab
  6. In the "SAML Settings" section, press the "Edit" button. This should launch the App Configuration wizard, as if it was a new SAML app
  7. Press the Next button and scroll down to the "Attribute Statements (Optional)" section
  8. Press the "Add Another" button

[Screenshot: Add Another SAML attribute]

  9. In the first text box, enter the name of the SAML attribute you are expecting in your app and that will be available in your SAML assertion (I've chosen "jobTitle"). In the second text box, enter the variable name from the Okta profile, prefixed with "user." (such as "user.title")

[Screenshot: new SAML attribute]

  10. Press "Next" and then "Finish"

When you test your app, you should get the following SAML AttributeStatement node:

<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:Attribute Name="firstName"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">Isaac</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="lastName"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">Brock</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="Email"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">[email protected]</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="userName"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">[email protected]</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="phone"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">+1 415 456 7893</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="jobTitle"
                     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">Vice President</saml2:AttributeValue>
    </saml2:Attribute>
</saml2:AttributeStatement>

(note the last "jobTitle" attribute)

I hope this helps!

Answered May 09 '23 08:05 by Raphael Londner
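On the service-provider side, the custom attribute is only useful once your application actually reads it out of the AttributeStatement. The following is an added example, not code from the answer above or from Okta: a small standard-library parser that turns every saml2:Attribute in an assertion into a name-to-values map and enforces that a required attribute such as "jobTitle" is present exactly once. The sample statement is a constructed copy of the one shown above with an extra multi-valued "groups" attribute added to exercise that path; the email values are constructed placeholders. The parser reads the statement only: in a real SP the assertion's signature, audience and validity window must already have been verified by your SAML library before any attribute value is used for authorization decisions.

```python
# Added example: read SAML 2.0 attributes (including custom ones) from an AttributeStatement.
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}

# Constructed sample, modelled on the AttributeStatement Okta emits once "jobTitle" is
# mapped to user.title; "groups" is added here to show a multi-valued attribute.
SAMPLE_ATTRIBUTE_STATEMENT = """<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">Isaac</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">isaac.brock@example.com</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="jobTitle" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="xs:string">Vice President</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue>Everyone</saml2:AttributeValue>
        <saml2:AttributeValue>Admins</saml2:AttributeValue>
    </saml2:Attribute>
</saml2:AttributeStatement>"""


def extract_attributes(xml_text):
    """Return {attribute Name: [values]} for every saml2:Attribute in the document.

    Accepts either a bare AttributeStatement or a whole Assertion containing one.
    Values stay in a list because SAML attributes may carry several AttributeValue
    children. Names are matched exactly as Okta sends them, i.e. the string typed in
    the first text box of the "Attribute Statements" form.
    """
    root = ET.fromstring(xml_text)
    statement_tag = "{%s}AttributeStatement" % SAML2_NS
    if root.tag == statement_tag:
        statements = [root]
    else:
        statements = root.findall(".//saml2:AttributeStatement", NS)

    attrs = {}
    for statement in statements:
        for attribute in statement.findall("saml2:Attribute", NS):
            name = attribute.get("Name")
            if name is None:
                continue  # a nameless Attribute is malformed; ignore it rather than guess
            values = [(v.text or "").strip() for v in attribute.findall("saml2:AttributeValue", NS)]
            attrs.setdefault(name, []).extend(values)
    return attrs


def require_single_value(attrs, name):
    """Return the one value of a required attribute; raise if it is absent or repeated."""
    values = attrs.get(name, [])
    if len(values) != 1:
        raise ValueError("attribute %r expected exactly once, got %d value(s)" % (name, len(values)))
    return values[0]


if __name__ == "__main__":
    parsed = extract_attributes(SAMPLE_ATTRIBUTE_STATEMENT)
    for attr_name, attr_values in parsed.items():
        print(attr_name, attr_values)
    print("job title:", require_single_value(parsed, "jobTitle"))
```

Keeping every attribute as a list and failing closed in require_single_value avoids the common bug of silently taking the first of several values (or an empty string) for an attribute the application uses to make decisions.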


You can use SDK methods to fetch and then modify the custom attributes of an IAppUser. You can fetch the user using the following SDK method. These are asynchronous methods. You can use the following two methods to fetch:

    using System.Configuration;
    using System.Threading.Tasks;
    using Okta.Sdk;

    // Client is an OktaClient instance configured elsewhere in this class.
    // The first argument of GetApplicationUserAsync is the Okta application id,
    // stored here under the "okta:ClientId" app setting.
    public async Task<IAppUser> GetOktaApplicationUser(string oktaProfileId)
    {
        var x = await Client.Applications.GetApplicationUserAsync(
            ConfigurationManager.AppSettings["okta:ClientId"],
            oktaProfileId);
        return x;
    }

    // client is an instance of the class holding the method above; await it rather
    // than blocking on .Result, which can deadlock in ASP.NET request contexts.
    var userApp = await client.GetOktaApplicationUser(oktaProfileId);
    var userWithCustomAttributes = userApp.GetData();   // GetData() returns the raw property dictionary, including custom attributes

You can use JsonConvert to serialize it so that you can deserialize it to get the data in your own model (class):

    using Newtonsoft.Json;

    string json = JsonConvert.SerializeObject(userWithCustomAttributes, Formatting.Indented);
    CustomModel userWithCustomModel = JsonConvert.DeserializeObject<CustomModel>(json);

The above method was to get the user. Then you can modify and send the modified user using the SetProperty() method of IAppUser as follows:

    public async Task<bool> UpdateApplicationUser(CustomModel user)
    {
        IAppUser appuser = new Okta.Sdk.AppUser();
        appuser.Profile = new Resource();
        appuser.Id = user.id;
        appuser.Profile.SetProperty("email", user.profile.email);
        // Replace the placeholder with the variable name of your custom attribute in the app user profile
        appuser.Profile.SetProperty("<your custom attribute name>", user.profile.Roles);
        try
        {
            var x = await Client.Applications.UpdateApplicationUserAsync(
                appuser,
                ConfigurationManager.AppSettings["okta:ClientId"],
                appuser.Id);
            return true;
        }
        catch (OktaApiException)
        {
            // Okta rejected the update (for example an unknown attribute name or insufficient API token permissions)
            return false;
        }
    }

This UpdateApplicationUserAsync method will modify the custom attributes which you set using SetProperty(). For the first argument of SetProperty() I've used a string constant; you can use your own, according to the mapping variable name for that particular custom attribute.

Answered May 09 '23 07:05 by Rahul Rana