User Attributes provide another powerful way to manage devices using a user-centric approach that can reduce a lot of admin time and simplify workflows. Once an end-user signs into their identity provider account, data returned from the provider is available within Addigy as device facts. Data such as Employee Department, Hire Date, Employee Type, etc., are very useful for automating Addigy in response to changes in your organization.
Prerequisites:
- Addigy Identity is configured as outlined in our Okta setup guide.
- Have admin level permissions in the Okta instance.
Steps To Enable User Attributes For Okta
Create API Token in Okta:
- Login to Otta's Admin Console.
- Go to Security > API in the side bar.
- Select the Tokens tab.
- Click "Create Token" and name the token.
- Copy the Token Value.
Enable Collect User Attribute Data:
- Within the policy's Addigy Identity configuration enable "Collect User Attribute Data".
- Paste the Token Value in Addigy's Identity field called API Token.
- Scroll to the bottom of the page and click "Save Changes"
Supported Attributes
The table below list the supported attributes name, mapping value, and meaning:
Addigy Attribute Name |
Attribute Mapping Value |
Attribute Meaning |
Identity Email |
Email address for the user; for example: ["j@companyname.com"] NOTE: This property cannot contain accent characters. |
|
Identity Employee Department |
department |
The name of the department in which the user works. |
Identity Employee Type |
employeeType |
Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. |
Identity Mobile Phone |
mobilePhone |
The primary cellular telephone number for the user. |
Identity Provider Name |
okta, google, azure | The name of the Identity Provider. |
Identity User Display Name |
displayName |
The name is displayed in the directory for the user. This is usually the combination of the user's first and middle initial and last names. This property is required when a user is created and cannot be cleared during updates. |
Identity Username |
userPrincipalName |
The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. |
| Identity Office Location | usageLocation | A two letter country code (ISO standard 3166). Examples include: US, JP, and GB. |
Identity Password Set Date |
lastPasswordChangeDateTime |
The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. |
FAQs
How often does this data refresh?
User Attributes refreshes every time the end-user successfully signs in.
What should I do with these attributes?
We recommend utilizing User Attributes to automatically filter devices using flex policies.
Does this new feature cost extra?
This feature does not come with an additional cost.
Where do I go to see these populated fields?
One Device: GoLive > Overview. Search for "Identity".
Multiple Devices: go to the devices page > Click on Columns > Search for "Identity". Then, select the attributes you would like to see.
I don't have this feature enabled. Does Addigy still collect the user data?
User information is only collected if the Collect User Attributes setting is enabled.
Why do some of my device facts show N/A?
It could mean the end-user still needs to sign in successfully or that the field in the Identity Provider directory is blank. It could also mean the feature is not enabled or configured properly.