Make names optional in Active Directory

Okta has defined 31 default base attributes for all users in an org. These base attributes are fixed and can't be modified or removed, with two exceptions: First Name and Last Name. These two attributes can be marked as required or optional for Okta and Active Directory (AD)-sourced users.

Name attributes are mandatory for provisioning Office 365 through the Okta Admin Console.

To import AD-sourced users with blank name attributes, follow these guidelines:

• First mark the attributes as optional in the Okta user profile and the AD user profile. Otherwise the import or Just-in-Time (JIT) provisioning operations fails.
• If auto-confirm is selected for matching users on import, the import fails in the creation flow if the Okta and AD user profile settings don't match.
• If either attribute is marked as not required during import and you later mark it as required, then users with the blank attribute are deactivated on the next full import. When users are deactivated they're unable to sign in to Okta.

Procedure

1. In the Admin Console, go to DirectoryProfile Editor.
2. Click Directories in the Filters list.
3. For Active Directory, click Profile in the Actions column.
4. Click information for the firstName variable.
5. Clear the Attribute required checkbox.
6. Click Save Attribute.
7. Repeat steps 4–6 for the lastName variable.