Make first and last name optional in Active Directory
Okta has defined 31 default base attributes for all users in an orgThe Okta container that represents a real-world organization.. These base attributes are generally fixed and cannot be modified or removed. There are two exceptions: First Name and Last Name. These two attributes can be marked as required or optional for Okta and Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.-mastered users only.
To import AD-mastered users with blank First Name or Last Name attributes,
- You must first mark the attributes as optional in the Okta user profile and the AD user profile, otherwise the import or JIT operations will fail.
- If you have auto-confirm selected for matching users on import, the import will fail in the creation flow if the Okta and AD user profile settings do not match.
- If the First or Last name attribute is marked as not required and you have imported users with no first or last name, and then you change the attribute to be required again, the users with the blank attribute are deactivated on the next full import. When users are deactivated they are unable to sign in to Okta.
The default setting for new AD instances is that first and last name are required.
- On the Okta AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console, click Directory > Profile Editor.
- Click Okta in the Filters list.
- Select the Okta User and click Profile.
- Click the information icon for the First name attribute.
- Clear the Attribute required field to make the attribute optional.
- Click Save Attribute.
To make First Name or Last Name attributes optional in the AD user profile:
- Go to Directory > Profile Editor.
- Click the Directories filter.
- For Active Directory, click Profile in the Actions column.
- Click the information icon for either the firstName or LastName variable.
- Deselect the Attribute required field to make the attribute optional.
- Click Save Attribute.
Now you can import users who do not have the field.Top