> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta_ManagerOf

> Manager relationship between Okta users

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [Okta\_User](/opengraph/extensions/okta/nodes/okta_user)
* Destination: [Okta\_User](/opengraph/extensions/okta/nodes/okta_user)
* Traversable: ❌

## General Information

Okta uses the `Manager` and `ManagerId` user profile attributes to represent managerial relationships. Unfortunately, these attributes can have any arbitrary value and their referential integrity is not enforced by Okta. They are not even synchronized from external directories by default.

Our recommendation is to map the `ManagerId` attribute to the login of the manager in Okta. When synchronizing users from Active Directory, the `getManagerUser("active_directory").login` mapping expression can be used to achieve this. Such values are automatically recognized by the OpenHound Okta collector.

The **non-traversable** Okta\_ManagerOf edges represent the organizational structure in BloodHound:

```mermaid theme={null}
graph LR
    u1("Okta_User john\@contoso.com")
    u2("Okta_User steve\@contoso.com")
    u3("Okta_User mary\@contoso.com")
    u4("Okta_User bob\@contoso.com")
    u5("Okta_User alice\@contoso.com")
    u1 -. Okta_ManagerOf .-> u2
    u1 -. Okta_ManagerOf .-> u3
    u3 -. Okta_ManagerOf .-> u4
    u3 -. Okta_ManagerOf .-> u5
```