Changing login names without changing UPNs in AD Skip to main content
https://support.okta.com/help/answers?id=9062a000000qugjqa0&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Scott BakerScott Baker 

Changing login names without changing UPNs in AD

We are currently in an Office 365 hybrid deployment with profiles being mastered by AD.  We recently acquired a new domain name and are working on a transition plan for moving from the old domain to the new one.  The goal would be to give users the ability to sign in with user@new.com rather than user@old.com without changing the UPN that's still on the @old.com domain.  Is there a way to specify an alternate login for users that will authenticate them in Okta as user@new.com but pass the correct authentication information to Office 365 as user@old.com?

I've tried changing the UPN for a user and everything appears to work except mobile device email access, which is why I'd like to make this change without changing the UPN if possible.
Best Answer chosen by Scott Baker
Andrei HavaAndrei Hava (Okta, Inc.)
Hello Scott,

This can be done by mapping the @old.com UPN to a custom attribute in the Okta Profile and then mapping it to Office 365 using the custom mappings feature of Okta.

If you need more assistance, please don't hesitate to open a support ticket with us.

Best regards,
Andrei Hava

All Answers

Andrei HavaAndrei Hava (Okta, Inc.)
Hello Scott,

This can be done by mapping the @old.com UPN to a custom attribute in the Okta Profile and then mapping it to Office 365 using the custom mappings feature of Okta.

If you need more assistance, please don't hesitate to open a support ticket with us.

Best regards,
Andrei Hava
This was selected as the best answer
Scott BakerScott Baker
Would I need to disconnect that user's profile from AD before making that change, or would I simply add an attribute to the user's profile in AD, let it sync to Okta, and then map it to the userID field in Profile Editor for Office 365?