We are currently in an Office 365 hybrid deployment with profiles being mastered by AD. We recently acquired a new domain name and are working on a transition plan for moving from the old domain to the new one. The goal would be to give users the ability to sign in with email@example.com rather than firstname.lastname@example.org without changing the UPN that's still on the @old.com domain. Is there a way to specify an alternate login for users that will authenticate them in Okta as email@example.com but pass the correct authentication information to Office 365 as firstname.lastname@example.org?
I've tried changing the UPN for a user and everything appears to work except mobile device email access, which is why I'd like to make this change without changing the UPN if possible.
This can be done by mapping the @old.com UPN to a custom attribute in the Okta Profile and then mapping it to Office 365 using the custom mappings feature of Okta.
If you need more assistance, please don't hesitate to open a support ticket with us.
Best regards, Andrei Hava
This was selected as the best answer
Would I need to disconnect that user's profile from AD before making that change, or would I simply add an attribute to the user's profile in AD, let it sync to Okta, and then map it to the userID field in Profile Editor for Office 365?