Update Keycloak User Attributes from Okta SAML Provider

This post describes how to configure Okta and Keycloak so that the Keycloak User Attributes are populated from the Okta SAML Provider.

Why are the User Attributes empty?

In my previous post I described how to configure the Okta SAML Provider.

You may be wondering and want to ask me: “Michael, why are the User Attributes empty? I have values in Okta, but in Keycloak the values are empty.”

You need to configure Okta to add the User Attributes to the SAML assertion, and then you need to configure Keycloak to map these attributes onto the user.

Let’s do this.

Okta configuration

You need to edit the SAML Settings of your SAML application and add Attribute Statements.

Select user.firstName from the Value list:

Provide firstName as the Name and press the Add Another button:

Add lastName with the user.lastName value and email with the user.email value, then save the configuration.

Keycloak configuration

Open the Keycloak admin page, open Identity Providers, select the SAML provider from the list of configured providers, open the Mappers tab and press the Create button:

Select the Attribute Importer Mapper Type:

Provide firstName for the Name, Attribute Name, Friendly Name and User Attribute Name fields and press Save:

Note that Attribute Name is the name of the SAML attribute configured in the Okta application, and the match is exact and case-sensitive. The User Attribute Name is the Keycloak user attribute name.

Add mappers for the lastName and email attributes in the same way:
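To make the mapping concrete, here is an added example (not code from the original post, Keycloak or Okta) that simulates what Keycloak's Attribute Importer does with the AttributeStatement Okta sends. The assertion is a constructed sample, trimmed to the three attribute statements configured above; the mapper dictionaries mirror the three mappers using the config keys of Keycloak's SAML Attribute Importer (`attribute.name`, `attribute.friendly.name`, `user.attribute`, provider id `saml-user-attribute-idp-mapper`). It also shows the failure mode behind the "empty attributes" question: a mapper whose Attribute Name does not exactly match the SAML attribute name imports nothing.

```python
"""Added example: simulate Keycloak's SAML Attribute Importer mapping.
Not Keycloak's or Okta's code; the assertion below is constructed by hand."""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# Constructed sample assertion with the AttributeStatement that the Okta
# Attribute Statements firstName / lastName / email would produce.
SAMPLE_ASSERTION = f"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0">
  <saml2:Subject><saml2:NameID>michael@example.com</saml2:NameID></saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="firstName" NameFormat="{UNSPECIFIED}">
      <saml2:AttributeValue>Michael</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="lastName" NameFormat="{UNSPECIFIED}">
      <saml2:AttributeValue>Example</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="email" NameFormat="{UNSPECIFIED}">
      <saml2:AttributeValue>michael@example.com</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def attribute_importer(name):
    """One mapper as configured in the post: Name, Attribute Name,
    Friendly Name and User Attribute Name all set to the same value."""
    return {
        "name": name,
        "identityProviderMapper": "saml-user-attribute-idp-mapper",
        "config": {
            "attribute.name": name,
            "attribute.friendly.name": name,
            "user.attribute": name,
        },
    }


# The three mappers created in the Keycloak Mappers tab.
MAPPERS = [attribute_importer(n) for n in ("firstName", "lastName", "email")]

# A mapper with a mismatched Attribute Name (Okta sends "firstName",
# the mapper looks for "givenName"): this is how attributes end up empty.
MISMATCHED_MAPPERS = [attribute_importer("givenName")]


def parse_saml_attributes(assertion_xml):
    """Return a list of (Name, FriendlyName, [values]) from the assertion."""
    root = ET.fromstring(assertion_xml)
    result = []
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        result.append((attr.get("Name"), attr.get("FriendlyName"), values))
    return result


def import_user_attributes(assertion_xml, mappers):
    """Apply each Attribute Importer: the SAML attribute whose Name (or
    FriendlyName) exactly equals attribute.name is copied to the Keycloak
    user attribute named by user.attribute. Returns (user_attributes,
    names of mappers that matched nothing)."""
    attributes = parse_saml_attributes(assertion_xml)
    user_attributes = {}
    unmatched = []
    for mapper in mappers:
        cfg = mapper["config"]
        wanted = cfg["attribute.name"]          # exact, case-sensitive match
        values = []
        for name, friendly, vals in attributes:
            if wanted == name or (friendly is not None and wanted == friendly):
                values.extend(vals)
        if values:
            user_attributes[cfg["user.attribute"]] = values
        else:
            unmatched.append(mapper["name"])
    return user_attributes, unmatched


if __name__ == "__main__":
    attrs, missing = import_user_attributes(SAMPLE_ASSERTION, MAPPERS)
    print("imported:", attrs, "unmatched mappers:", missing)
    attrs, missing = import_user_attributes(SAMPLE_ASSERTION, MISMATCHED_MAPPERS)
    print("imported:", attrs, "unmatched mappers:", missing)
```

When the User Attributes stay empty after login, compare the `Name` attributes in the AttributeStatement of a real assertion (e.g. from a SAML tracer in the browser) against the Attribute Name of each mapper; any mapper that ends up in the "unmatched" list above is the one that needs fixing.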

The User Attributes are populated

The magic happens, and the User Attributes are populated after Okta authentication:

Enjoy Keycloak and Okta!