Linked Objects

Users have relationships to each other, like manager and subordinate or customer and sales representative. You can create users with relationships by using the Linked Objects API to represent the relationship.

1. Create a linked object definition such as Manager:Subordinate or Case Worker:Client. These pairs are represented by a primary attribute and an associated attribute.
2. Link users together to create the relationship between the two. You create a linked object value with a single request that links one primary and one associated user.

For each relationship:

• A user has at most one primary link (a user has a single manager), but can have many associated links (a user can have many subordinates).
• A user can be the primary in one relationship and the associated in another.
• A user can be both the primary and associated in the same relationship.

Okta Expression Language function for linked objects provides access to the details about a linked user.

Note: The linked objects feature isn't available for OpenID Connect claims.

Okta allows you to create up to 200 linked object definitions. These definitions are one-to-many, for example:

• A manager has many subordinates. Each subordinate has one manager.
• A sales representative has many customers. Each customer has one sales rep.
• A case worker has many clients. Each client has one case worker.

Most orgs have more than one manager or sales representative. You can create the linked object definition once, and then assign the primary relationship to as many users as you have people in that relationship.

You can assign the associated relationship for a single primary user to as many users as needed. The associated user can be related to only one primary per linked object definition. But you can assign a user to more than one linked object definition.

For example, assume that you've created one linked object definition for manager (primary) and for subordinates (associated):

• Joe is Frank's manager.
• Bob is Joe's manager, but Jane's subordinate.
• Jane is the CEO, so she reports to herself.

Thus, you can create chains of relationships (Jane > Bob > Joe > Frank) or terminal relationships (Jane is both primary and associated user).

Then, if you create another linked object relationship for scrum team membership, you could assign relationships to the same four users:

• Bob is the scrum lead for the Identity Scrum team.
• Joe and Frank are both contributors to the team.

Bob can be the primary for a Manager:Subordinate, an associated user for that same linked object definition, and also the primary for the Scrumlead:Contributor linked object definition.

To represent a relationship, create a linked object definition that specifies a primary (parent) relationship and an associated (child) relationship, and then add a link in which the appropriate user is assigned to each side of that link type.

If you created multiple user types (see User Types), they all share the same linked object definitions. For example, if you have separate user types for employees and contractors, a link could designate an employee as the manager for a contractor, with the contractor being a subordinate of that employee.

Link definition operations allow you to manage the creation and removal of the link definitions. If you remove a link definition, links based on that definition are unavailable.

Note: Links reappear if you recreate the definition. However, Okta is likely to change this behavior so that links don't reappear. Don't rely on this behavior in production environments.