Exclude Active Directory user name updates during provisioning

To ensure that provisioning events do not update the User Personal Name (UPN) or samAccountName in Active Directory (AD), change the mapping for these attributes.

  1. In the Admin Console, go to Directory > Profile Editor.
  2. Click Directories in the FILTERS list.
  3. For Active Directory, click Mappings and select Configure User mappings.
  4. Click Okta to <your AD instance>.
  5. In the drop-down next to samAccountName, select Apply mapping on user create only.
  6. In the userName attribute immediately below the samAccountName attribute, click Override with mapping.
  7. In the drop-down next to userName, select Apply mapping on user create only.
  8. Click Save Mappings and Apply updates now.