Exclude Active Directory username updates during provisioning

To ensure that provisioning events don't update the User Personal Name (UPN) or samAccountName in Active Directory (AD), change the mapping for these attributes.

  1. In the Admin Console, go to DirectoryProfile Editor.
  2. Click Directories in the Filters list.
  3. For Active Directory, click Mappings and select Configure User mappings if a list appears.
  4. Click Okta User to your AD instance.
  5. Select one of these options:
    • If the userName attribute is set by your AD domain and you can't modify it, edit the username update settings in the Create Users section of the Provisioning to App tab. See Configure Active Directory provisioning settings.
    • If the userName attribute is set by your AD domain and you can modify it, click Override with mapping.
  6. In the dropdown list next to userName, select Apply mapping on user create only.
  7. In the dropdown list next to samAccountName, select Apply mapping on user create only.
  8. Click Save Mappings and Apply updates now.