Exclude AD username updates during provisioning

To ensure that provisioning events don't update the User Personal Name (UPN) or samAccountName in Active Directory (AD), change the mapping for these attributes.

1. In the Admin Console, go to DirectoryProfile Editor.
2. Click Directories in the Filters list.
3. For AD, click Mappings and select Configure User mappings.
4. Click Okta to your AD instance.
5. In the dropdown menu next to samAccountName, select Apply mapping on user create only.
6. In the userName attribute immediately below the samAccountName attribute, click Override with mapping.
7. In the dropdown menu next to userName, select Apply mapping on user create only.
8. Click Save Mappings and Apply updates now.