Tommy HilfigerLACES Trainers silver uYwpkKj

SKU-40153-swd84716
Tommy HilfigerLACES - Trainers - silver uYwpkKj
Tommy HilfigerLACES - Trainers - silver
Learn how to build your app on Okta, fast. Quick Starts

Navigation

TimberlandBoat shoes rootbeer smooth wkoXt2

Use Cases

API Reference

Change Log

How-To

Standards

Edit Page

Expressions allow you to reference, transform and combine attributes before you store them on a user profile or before passing them to an application for authentication or provisioning. For example, you might use a custom expression to create a username by stripping @company.com from an email address. Or you might combine and attributes into a single attribute.

This document details the features and syntax of Okta’s Expression Language which can be used throughout the administrator UI and API. This document will be updated over time as new capabilities are added to the language. Okta’s expression language is based on and uses a subset of functionalities offered by SpEL.

Referencing User Attributes

When you create an Okta expression, you can reference any attribute that lives on an Okta user profile or App user profile.

Okta user profile

Every user has an Okta user profile. The Okta user profile is the central source of truth for a user’s core attributes. To reference an Okta user profile attribute, just reference and specify the attribute variable name.

Application user profile

In addition to an Okta user profile, all users have separate Application user profiles for each of their applications. The Application user profiles are used to store application specific information about a user, such as application username or user role. To reference an App user profile attribute, just specify the application variable and the attribute variable in that application’s App user profile. In specifying the application you can either name the specific application you’re referencing or use an implicit reference to an in-context application.

IdP user profile

In addition to an Okta user profile, some users have separate IdP user profiles for their external Identity Provider. These IdP user profiles are used to store identity provider specific information about a user, and this data can be used in an EL expression to transform an external user’s username into the equivalent Okta username. To reference an IdP user profile attribute, specify the identity provider variable and the corresponding attribute variable for that identity providers IdP user profile. This profile is only available when specifying the username transform used to generate an Okta username for the IdP user.

Referencing Application and Organization Properties

In addition to referencing user attributes, you can also reference App properties, and the properties of your Organization. To reference a particular attribute, just specify the appropriate binding and the attribute variable name. Here are some examples:

Application properties

Organization properties

Functions

Okta offers a variety of functions to manipulate attributes or properties to generate a desired output. Functions can be combined and nested inside a single expression.

String Functions

The following Deprecated functions perform some of the same tasks as the ones in the above table.

Array Functions

Conversion Functions

Data Conversion Functions

Note: Convert.toInt(double) rounds the passed numeric value either up or down to the nearest integer. Be sure to consider integer type range limitations when converting from a number to an integer with this function.

Country Code Conversion Functions

These functions convert between ISO 3166-1 2-character country codes (Alpha 2), 3-character country codes (Alpha 3), numeric country codes, and full ISO country names.

Note: All these functions take ISO 3166-1 2-character country codes (Alpha 2), 3-character country codes (Alpha 3), and numeric country codes as input. The function determines the input type and returns the output is in the format specified by the function name.

For more information on these codes, see the ISO 3166-1 online lookup tool .

Group Functions

Group functions return either an array of groups or True or False .

For an example using group functions and for more information on using group functions for dynamic and static whitelists, see Create an ID Token or Access Token Containing a Groups Claim .

Linked Object Function

Early Access

Use this function to retrieve properties about the user identified with the specified relationship. You can optionally specify an app.

Time Functions

Okta supports the use of the time zone IDs and aliases listed in the Time Zone Codes table .

Manager/Assistant Functions

Directory and Workday Functions

The functions above are often used in tandem to check whether a user has an AD or Workday assignment, and if so return an AD or Workday attribute. See the ‘Popular Expressions’ table below for some examples.

Constants and Operators

Conditional Expressions

You can specify IF…THEN…ELSE statements with the Okta EL. The primary use of these expressions is profile mappings and group rules. Group rules do not usually specificy an ELSE component.

The format for conditional expressions is

There are several rules for specifying the condition.

The following functions are supported in conditions.

Note: Use the double equals sign, , to check for equality.

Samples

For these samples, assume that has following attributes in Okta.

Samples Using Profile Mapping

The following samples are valid conditional expressions that apply to profile mapping. The attribute is from another system being mapped to Okta.

If the middle initial is not blank, the full name is the first name, middle initial, a period, and the last name; otherwise it is the first name and the last name.

If there is a courtesy title, use it for the honorific prefix.

If either email2 or email3 exists, make additionalEmail true; otherwise, make it false.

Samples Using Group Rules

The following samples are valid conditional expressions. The actions in these cases are group assignments.

Popular Expressions

Sample user data:

Appendix: Time Zone Codes

Okta supports the use of the following time zone codes:

With Universal Directory, there are about 30 attributes in the base Okta profile and any number of custom attributes can be added. All App user profiles have a username attribute and possibly others depending on the application. To find a full list of Okta user and App user attributes and their variable names, go to People > Profile Editor. If you’re not yet using Universal Directory, contact your Support or Professional Services team.

keyword_item

A trailing comma may be present after the positional and keyword arguments but does not affect the semantics.

The primary must evaluate to a callable object (user-defined functions, built-in functions, methods of built-in objects, class objects, methods of class instances, and certain class instances themselves are callable; extensions may define additional callable object types). All argument expressions are evaluated before the call is attempted. Please refer to section GeoxRUFUS Walking sandals black XeLSz6Cegz
for the syntax of formal Pretty BallerinasSlipons nude LT5NA2TvVh
lists.

If keyword arguments are present, they are first converted to positional arguments, as follows. First, a list of unfilled slots is created for the formal parameters. If there are N positional arguments, they are placed in the first N slots. Next, for each keyword argument, the identifier is used to determine the corresponding slot (if the identifier is the same as the first formal parameter name, the first slot is used, and so on). If the slot is already filled, a FaithCAMMY Classic heels nude fcpIujK
exception is raised. Otherwise, the value of the argument is placed in the slot, filling it (even if the expression is None , it fills the slot). When all arguments have been processed, the slots that are still unfilled are filled with the corresponding default value from the function definition. (Default values are calculated, once, when the function is defined; thus, a mutable object such as a list or dictionary used as default value will be shared by all calls that don’t specify an argument value for the corresponding slot; this should usually be avoided.) If there are any unfilled slots for which no default value is specified, a TypeError exception is raised. Otherwise, the list of filled slots is used as the argument list for the call.

CPython implementation detail: An implementation may provide built-in functions whose positional parameters do not have names, even if they are ‘named’ for the purpose of documentation, and which therefore cannot be supplied by keyword. In CPython, this is the case for functions implemented in C that use to parse their arguments.

If there are more positional arguments than there are formal parameter slots, a TypeError exception is raised, unless a formal parameter using the syntax *identifier is present; in this case, that formal parameter receives a tuple containing the excess positional arguments (or an empty tuple if there were no excess positional arguments).

Celebrity Signature Visa® card

Apply Now

Need help planning?

1-800-647-2251

1-800-647-2251

Sign up for special offers

Learn more about Celebrity Cruises

Special Services

Customer Support

Company Information

Travel Tools

Travel Partner

All images of Celebrity Edge℠ are artistic renderings based on current development concepts, which are subject to change without notice.

Celebrity Edge and Edge are trademarks of Celebrity Cruises. © 2017 Celebrity Cruises. Ships' registry Malta and Ecuador. Legal Info | Privacy Policy