Configuring Progressive Profiling for Your Custom Apps

At Okta, we see our customers deploy and build a broad range of customer-facing applications. The completeness of a user profile may vary, depending on what is initially known about the user and what additional information has accrued over time. Progressive profiling is used to incrementally collect profile data over time, as a relationship is built, or as use cases expand.

In the past, this may have been the purview of a marketing initiative; but today, it’s required for a more expansive set of use cases. Even simple scenarios, like changes in a profile structure or an app’s required profile attributes, may dictate the need to progressively add new information about a user that may not have previously been required.

For example, your team may build an additional app that requires more profile information before providing access (e.g., a birth date or Tax ID), or your company may simply expand the definition of a user profile. In the latter scenario, you may not have that information today, but want to gather it for future user experiences.

The following sections detail a simple, pragmatic, and powerful configuration that customers can use to support such a use case. In it, as an Okta Administrator, you will use Okta’s Expression Language to configure your Okta tenant to pass data back to the app during authentication or authorization, indicating that optional or required data is absent. These options can be configured on a per-app level.

1. Add Required or Optional attributes to Universal Directory

Universal Directory and Okta’s Expression Language give you the flexibility to use dynamic logic to reference, transform, and combine attributes before you add them to a user profile or before passing them to an app for authentication. These are powerful tools that allow apps to interact with each other, and they are very useful when logical patterns are needed to create user attributes.

 

[Screenshot: Expression Language UI]

In this case, Okta’s Expression Language is used to determine whether a profile has the Required or Optional fields that a business or app requires. First, you would create an attribute in your profile definition, just as you would with any other attribute in Okta. This will be used to house the attributes that were not collected from the user. On the Add Attribute page of Okta, these attributes should be configured with the data type string array.

 

[Screenshot: Add Attribute page]

2. Configure Expression logic to surface empty attributes as Optional or Required

Leverage the power of Okta’s Expression Language logic to explicitly surface attributes that have yet to be collected. In the screenshot below, the req and opt attributes are used to make a sweep of the attributes and identify those that are empty.

 

[Screenshot: Profile mappings page]

This code is used in the req attribute, which surfaces any empty dl or license_plate attributes:

    Arrays.flatten(
      {},
      ((user.dl == "" OR user.dl == NULL) ? "dl" : {}),
      ((user.license_plate == "" OR user.license_plate == NULL) ? "license_plate" : {})
    )

3. Configure your ID token or Access token to contain a list of Universal Directory fields that are required for your use case.

Configure an API Access Management token (either ID or Access) to contain a field under the Claims tab, populated with logical outcomes from your Okta Expression Language output.

 

[Screenshot: Claims tab in Okta]

In more sophisticated use cases, where the attribute is required rather than optional, sensitive resources would be protected via custom scopes—which wouldn’t be granted unless a specific attribute existed in the App User profile.

4. Implement client-side logic to parse out and surface

From here, client-side logic would parse out the fields that are requested, and surface them in the app in a manner that is seamlessly integrated into the app flow.

The app would then make a call to Okta’s APIs to update the profile information for that user. The parameters for that call can be found in our Developer documentation.
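One way to write the client-side logic from step 4, as an added example (not Okta's code). It assumes the claims are named `req` and `opt`, that the ID token has already been validated and decoded by your OIDC library, and that the label table and attribute-name pattern suit your profile. The update is limited to the attributes the token asked for.

```javascript
// Added example, not Okta's code. Claim names `req`/`opt` are assumptions.
// Input is the claims object from an ID token your OIDC library already validated.
const ATTR_NAME = /^[A-Za-z][A-Za-z0-9_]{0,63}$/; // assumed shape of an attribute name

// Hypothetical display labels; attributes without one fall back to their name.
const LABELS = new Map([["dl", "Driver's license number"], ["license_plate", "License plate"]]);

// Normalize a claim that may be absent, a single string, or an array.
function claimToNames(value) {
  const list = Array.isArray(value) ? value : value == null ? [] : [value];
  return [...new Set(list.filter((v) => typeof v === "string" && ATTR_NAME.test(v)))];
}

// Turn token claims into the list of fields the app should ask the user for.
function planProfilePrompts(claims) {
  const required = claimToNames(claims.req);
  // An attribute listed in both claims is treated as required only.
  const optional = claimToNames(claims.opt).filter((n) => !required.includes(n));
  const toField = (name, isRequired) => ({ name, label: LABELS.get(name) || name, required: isRequired });
  return {
    fields: [...required.map((n) => toField(n, true)), ...optional.map((n) => toField(n, false))],
    blocked: required.length > 0, // required data is missing: collect it before continuing
  };
}

// Build the profile update from submitted form values, restricted to the
// attributes the token asked for, so extra form fields never reach the profile.
function buildProfileUpdate(plan, formValues) {
  const profile = {};
  const missing = [];
  for (const field of plan.fields) {
    const raw = Object.prototype.hasOwnProperty.call(formValues, field.name) ? formValues[field.name] : "";
    const value = typeof raw === "string" ? raw.trim() : "";
    if (value !== "") profile[field.name] = value;
    else if (field.required) missing.push(field.name);
  }
  return { profile, missing };
}

// Constructed sample input: claims and a submitted form with one stray field.
const sampleClaims = { sub: "00u-example", req: ["dl", "license_plate"], opt: "nickname" };
const samplePlan = planProfilePrompts(sampleClaims);
const sampleUpdate = buildProfileUpdate(samplePlan, { dl: " D1234567 ", isAdmin: "true" });
console.log(samplePlan.fields.map((f) => f.name), sampleUpdate);
```

The `profile` object it returns is what the app would send in the profile update call; the call itself is left out because its parameters are in the Developer documentation.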

This implementation requires simple app-side code, implemented once, and seamlessly adaptable to changes to either the profile structure or information that is available for each user. It also takes the burden off of your developers, with logic that adapts to your profile structure and requires no subsequent app code updates.
