Exclude username updates during provisioning

To ensure that provisioning events do not update the User Personal Name (UPN) or samAccountName in AD, change the mapping for these attributes.

  1. On the Okta AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, click Directory > Profile Editor.
  2. Click Directories in the Filters list.
  3. For Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management., click Mappings.
  4. Click Okta to <your AD instance>.
  5. In the drop-down next to samAccountName, select Apply mapping on user create only.
  6. In the userName attribute immediately below the samAccountName attribute, click Override with mapping.
  7. In the drop-down next to userName, select Apply mapping on user create only.
  8. Click Save Mappings and Apply updates now.