Vignesh Sathiamoorthy

Attributes statement samAccountName not sent in AuthResponse

Hi,
I have set up an app in Okta to test SAML. I have Active Directory integration.
User accounts are synced from AD.

Directory > People > "test account" > Profile shows the samAccountName under Profile (Additional Active Directory Attributes). 

I have entered user.samAccountName in the Attribute Statements section of my app. But I am seeing an empty string being sent to the SP (SAML response):

<saml2:Attribute Name="username"
                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:type="xs:string"/>
</saml2:Attribute>

If I map the samAccountName to displayName from the Active Directory Map Attributes page and use “user.displayName” in the attribute statement, the samAccountName gets sent correctly in the SAML response.


Why is the user.samAccountName not working as-is?


Thanks
 
 
All Answers

Gabriel Sroka (Okta, Inc.)
Hi Vignesh,
Think of Okta as having 2 "tables" (like in SQL) or "objects": one for Okta and one for AD. The AD "appuser" table/object has samAccountName, but the Okta "user" table/object does not. To use samAccountName, map it from AD to Okta just as you did above. You can create a custom Okta attribute called samAccountName instead of using displayName, then map appuser.samAccountName to user.samAccountName.
Vignesh Sathiamoorthy
Thanks Gabriel. I am unable to figure out how to add new attributes to the Okta User Profile. All I see is how to add attributes for AD.

Gabriel Sroka (Okta, Inc.)
Hi Vignesh,
Go to Directory > Profile Editor > Okta > Profile. See also:
https://help.okta.com/en/prod/Content/Topics/Directory/Directory_Profile_Editor.htm
This was selected as the best answer
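
Added example, not part of the thread and not Okta code: once the appuser.samAccountName to user.samAccountName mapping is in place, a captured test response can be checked for the empty `username` value shown in the question, and an SP can refuse an empty value instead of treating it as a username. The function names and the `email` attribute are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: "username" has the empty shape shown in the question;
# the "email" attribute and its value are made up for contrast.
SAMPLE_STATEMENT = """\
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="username"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"/>
  </saml2:Attribute>
  <saml2:Attribute Name="email">
    <saml2:AttributeValue>test.account@example.com</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
"""


def read_attributes(xml_text):
    """Map each saml2:Attribute name to its list of non-empty values."""
    # Run this on captured test output only; validate the signature and use a
    # hardened XML parser before trusting anything from a live response.
    root = ET.fromstring(xml_text)
    result = {}
    # iter() also finds attributes nested inside a full Response/Assertion.
    for attr in root.iter("{%s}Attribute" % ASSERTION_NS):
        values = result.setdefault(attr.get("Name"), [])
        for value in attr.findall("{%s}AttributeValue" % ASSERTION_NS):
            text = (value.text or "").strip()
            if text:
                values.append(text)
    return result


def missing_required(xml_text, required):
    """Required names that are absent or carry only empty values."""
    attrs = read_attributes(xml_text)
    return sorted(name for name in required if not attrs.get(name))


def require_single(xml_text, name):
    """SP-side guard: return the one value of `name` or raise ValueError."""
    values = read_attributes(xml_text).get(name, [])
    if len(values) != 1:
        raise ValueError("%s must carry exactly one non-empty value" % name)
    return values[0]
```
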
Vignesh Sathiamoorthy
Thanks for your help. I was able to find the User profile under Profile Editor (Directory > Profile Editor > Okta), and I created an attribute samAccountName just like you mentioned and mapped it to the AD attribute samAccountName.