Google Okta Integration - Useful Okta Expressions

I would put some expressions based on Okta Expression language that might help if you have related use case.

Okta Expressions

To Parse the Organizational Unit from distinguishedName (dN)

Example –> Dn = CN=R A,OU=Third OU,DC=ad,DC=goldyarora,DC=com

Need to parse just the OU name, example “Third OU” from above.

Expression -:

String.substringAfter(String.replace(appuser.managerDn, “,DC=ad,DC=goldyarora,DC=com”,””), “OU=”)

Explanation -:

Following internal expression to remove ,DC=ad,DC=goldyarora,DC=com from the string, and then we are left with CN=R A,OU=Third OU

String.replace(appuser.managerDn, “,DC=ad,DC=goldyarora,DC=com”,””

Outside string gets substring after the text after OU= in CN=R A,OU=Third OU

Parsing Manager’s Name from the CN

CN = “CN=R A,OU=Third OU,DC=ad,DC=goldyarora,DC=com”

String.substringBefore(user.manager, “,OU”) – get the part before ,OU

Now we are left with CN=R A

Add another express to to get the part after =

Combine above both expression into one-:

String.substringAfter(String.substringBefore(user.manager, “,OU”), “=”)

Replace any domain while sending to downstream app-:

String.replace(user.email,String.substringAfter(user.email,”@”),”gsuitedomain.com”)

Replace any domain name from input to Google Workspace one

Conditional Expressions-:

Syntax ==> [Condition] ? [Value if TRUE] : [Value if FALSE]

// smtp based on org name – multiple conditions

If you have multiple brands, and want to assign Google Workspace primary email based on brand, you can use conditional expression to check for user attribute and assign email based on it as shown in example below.

(user.organization == “Brand One”) ? (String.substringBefore(user.email, “@”) + “@brandone.com”) : (user.organization == “Brand Two”) ? (String.substringBefore(user.email, “@”) + “@brandtwo.com”) : (String.substringBefore(user.email, “@”) + “@catchall.com”)

In above expression, Okta checks for user.organization attribute value, if it is equal to “Brand One”, it assigns brandone domain to user, otherwise it goes to next condition and assign brandtwo.com if user belongs to Brand Two, if both conditions are false, Okta assigns catchall.com domain.

Related Posts

....

Google - Okta Integration Guide - SSO & Provisioning Overview

Read more

Google Okta Integration Guide - SSO & Provisioning Terminology

Read more

User Provisioning to Google via OKta

Read more

SSO to Google via Okta

Read more

Google Cloud Platform with Okta SSO

Read more

SSO when Okta and Google domains are different

106
Read more

Google Okta Integration - Handle existing Google users

Read more

GCDS vs Okta - When to use GCDS vs Okta

Read more

Google Okta Integration FAQs

Read more