Biirthright provisioning in OKTA W/O email address Skip to main content
https://support.okta.com/help/answers?id=9062a000000xzovqag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Anubhab GhoshAnubhab Ghosh 

Biirthright provisioning in OKTA W/O email address

As per my understanding, in an application masterd scenario, an employee is provisioned (birthright) in master application first with his old email address. Then from downstream OKTA application (say, Office 365) his new company email address is generated. 
I am assuming that we can not create/import new user in OKTA W/O a valid email address.
Now if O365 is added as a downstream birthright application to OKTA then is it possible to import users from master application to OKTA without any email address?
Cody SudersCody Suders (Okta, Inc.)
There are a couple of options on how to handle this.  Its important to understand what you mean by "valid" email address.  Email is a required field in Okta, but depending how you're setting the user's initial password, if they don't have to receive the email to set that password it just has to be in a valid email format, but not an actual address that can receive mail.  I've seen customers make an initial email address of something like username@placeholder.com for the initial account creation which will pass the okta required field validation, but isn't a valid email. then can then go back and update it to their "real" email addresso once it's assigned.  Another option might be to just put in what the email address will be once its created (like username@company.com) and then push that into o365 once the Okta account is created and it will become a valid email.
Anubhab GhoshAnubhab Ghosh
Thanks for your reply Cody.
By valid email address I meant  email address where user will get the option to change the password for first time.

Option1:  I've seen customers make an initial email address of something like username@placeholder.com for the initial account creation which will pass the okta required field validation, but isn't a valid email. then can then go back and update it to their "real" email addresso once it's assigned.
Q:
 Is this process automated in OKTA and OOTB feature? Could you please provide any documents/guide or list down high level steps please.

Option 2Another option might be to just put in what the email address will be once its created (like username@company.com) and then push that into o365 once the Okta account is created and it will become a valid email.

Q: 
We need to check the availability of the email ID from AD before we can create a mailbox. How would we do that?

Can we have the following flow with OKTA:
1) New user info is entered in HR system.(with his old company email address)
2) OKTA polls HR system and creates the user in OKTA UD.
3) OKTA creates the user's account in downstream AD .
4) OKTA creates new mailbox in downstream O365 and the new email ID is updated in every downstream app and OKTA itself.
5) User is sent a mail to update his password through self service Password reset.

Thanks in advance,
Anubhab