Provision user attributes to Incydr

Overview

Companies typically keep each employee's information in a directory service, such as Microsoft Active Directory, Workday, or Okta Universal Directory. This information includes the employee's job title, manager, department, work location, and so on. This information can be valuable when performing analysis of security events in Incydr.

To get this information into Incydr so it can be displayed in security dashboards, it must be provisioned from the provisioning provider in use at the company, such as Entra ID (Azure AD), Okta, PingOne, or User Directory Sync. This article provides an overview of the process.

Supported user attributes

The supported user attributes that can that can be provisioned to Incydr are:

• First name
• Last name
• Title 
• Division 
• Department 
• Employee Type
• Manager
• Locality (City)
• Region (State)
• Country
• External ID

Once they are provisioned, they may appear in the following places in the Incydr console:

• User profile
• Risk Exposure dashboard
• Watchlists
• All users list

Configure provisioning

To provision user attributes to Incydr, you must configure a supported provisioning provider. See the following articles:

• How to provision users to Incydr from Microsoft Entra ID (formerly Azure AD) 
• How to provision users to Incydr from Okta 
• How to provision users to Incydr from PingOne 
• Configure Incydr User Directory Sync 

When you configure a supported provisioning provider using the articles above, part of the setup is mapping user attributes to Incydr. These sections in the articles listed above describe user attribute mapping:

• Entra ID attribute mapping
• Okta attribute mapping
• PingOne attribute mapping
• User Directory Sync attribute mapping (configure the ldap.attrib.<attributeType> properties)

Troubleshoot problems with user attributes

User attributes do not appear after provisioning

If user attributes do not appear in the User profile and other features in the Incydr console after provisioning, check the Sync Log to ensure that user attributes were provisioned correctly. 

If provisioned user attributes don't appear in the Sync Log, refresh the provisioning synchronization:

• Entra ID/Azure AD: Click Restart Sync.
• Okta: Run a Force Sync or provision unprovisioned users.
• User Directory Sync: Perform a full synchronization.

External resources

• Entra ID / Azure AD
  • Tutorial: Configure Incydr for automatic user provisioning
  • Customizing user provisioning attribute-mappings for SaaS applications in Azure Active Directory
• Okta:
  • About attribute mapping
  • Work with profiles and attributes
• PingOne:
  • Supported attributes reference
  • Edit attribute mapping
  • Create advanced attribute mapping

Related topics

• How to provision users to Incydr from Microsoft Entra ID (formerly Azure AD)
• How to provision users to Incydr from Okta
• How to provision users to Incydr from PingOne
• Configure Incydr User Directory Sync