Custom attributes for Okta SCIM applications
Configure custom user attributes in Okta so they are correctly sent to your SCIM application under the required extension namespace.
Overview
This SCIM integration supports custom user attributes only under this namespace:
urn:ietf:params:scim:schemas:extension:custom:2.0:UserIf Okta sends custom attributes with any other namespace, provisioning can fail or the attributes will be silently ignored.
Namespace rules
When creating a custom attribute in Okta's Profile Editor, configure all of these fields:
| Okta Field | Required | What to enter | Example |
|---|---|---|---|
| Variable Name | Yes | Internal Okta attribute key used in profile mappings — must be unique within the profile | customAttr1 |
| External Name | Yes | The SCIM custom attribute key sent under the extension URN object | custom_attr_1 |
| External Namespace | Yes | Must be exactly urn:ietf:params:scim:schemas:extension:custom:2.0:User | urn:ietf:params:scim:schemas:extension:custom:2.0:User |
Common mistakes that cause provisioning failures:
- Omitting the Variable Name — Okta requires this field and it must be unique in the profile
- Using a non-URN value as the namespace (e.g.,
tessssssssss)- Using a typo in the namespace (e.g.,
rn:ietf:params:scim:schemas:extension:custom:2.0:User— note the missinguinurn)- Including the full namespace path in the External Name field instead of the attribute key alone
Configure custom attributes in Okta
- Open Okta Admin Console.
- Navigate to Directory > Profile Editor.
- Select your SCIM application profile.
- Click Add Attribute (or edit an existing custom attribute).
- Set the following fields:
- Variable Name: Enter an internal Okta attribute key (e.g.,
customAttr1) - External Name: Enter the attribute key only (e.g.,
custom_attr_1) - External Namespace: Enter
urn:ietf:params:scim:schemas:extension:custom:2.0:User
- Variable Name: Enter an internal Okta attribute key (e.g.,
- Click Save and publish the attribute mapping.
- Re-run provisioning for a test user to verify the attributes are sent correctly.
Expected SCIM payload
After configuration, Okta sends custom attributes nested under the extension namespace object. Verify your test user's SCIM payload matches this structure.
Create User — POST /Users
POST /Users{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"urn:ietf:params:scim:schemas:extension:custom:2.0:User"
],
"userName": "[email protected]",
"name": {
"givenName": "First",
"familyName": "Last"
},
"urn:ietf:params:scim:schemas:extension:custom:2.0:User": {
"custom_attr_1": "value-1",
"custom_attr_2": "value-2"
}
}Key details in this payload:
- The
schemasarray includes the core SCIM schema, the enterprise extension schema, and the custom extension schema. - Custom attributes appear as a top-level object keyed by the full namespace URN — not inline with standard user fields.
- Each attribute uses the External Name you defined in Okta (e.g.,
custom_attr_1).
Troubleshooting
Custom attributes are missing from the SCIM payload
Verify the External Namespace in Okta's Profile Editor is set to exactly urn:ietf:params:scim:schemas:extension:custom:2.0:User. Even a single character difference (such as rn: instead of urn:) causes Okta to omit the attributes.
Provisioning fails with a schema error
Check that the External Name contains only the attribute key (e.g., custom_attr_1) and does not include the namespace prefix. The namespace is set separately in the External Namespace field.
Attributes are sent but not applied to the user
Confirm the attribute mapping is published in Okta and that provisioning has been re-run for the affected user. Changes to attribute definitions require a new provisioning push to take effect.
Updated about 5 hours ago