Okta Username Format for Active Directory Users
Overview

Okta allows modifying the username format used for Active Directory-sourced users during authentication by adjusting provisioning settings and applying custom expressions. This article describes how to change the username format and provides an example expression for a common use case.

Applies To
  • Okta Classic Engine
  • Okta Identity Engine (OIE)
  • Active Directory (AD)
  • Delegated Authentication
  • Active Directory-sourced users
Solution

How is the username format for Active Directory users modified?

Follow the steps below to access the directory integration settings and apply a new Okta username format.

  1. In the Okta Admin Console, navigate to Directory > Directory Integrations.

  2. Select the Active Directory domain.

  3. Select Provisioning > To Okta and then select Edit.

  4. Choose Custom from the Okta username format dropdown menu.

  5. Enter a custom expression in the field provided.

    NOTE: The following example expression takes the first letter of the username and prepends it to all characters after the first dot in the username:

    String.substring(appuser.userName, 0, 1) + String.substringAfter(appuser.userName, ".")

    Example: If a user currently signs into Okta with john.doe@domain.com, this expression changes the login to jdoe@domain.com. The expression is customizable, but the resulting username must remain in email format by default.

  6. After verifying the custom expression or selecting a predefined option, select Save.

  7. Navigate to the Okta Attribute Mappings section.

  8. Select Force Sync to apply the change to all existing users.

 

NOTE: The number of users in the directory directly impacts the time required for changes to take effect. To verify the updates, navigate to the Assignments tab of the Active Directory integration and review the usernames for the assigned users.
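
A dry run of the example expression from step 5 against a list of AD usernames, useful before selecting Force Sync. This is an added example, not Okta's code: the Python functions emulate String.substring and String.substringAfter (assumed to return an empty string when the separator is absent), the sample usernames are constructed, and the check flags results that collide or fall out of email format.

```python
import re
from collections import defaultdict

# Emulation of the two Okta Expression Language functions used in step 5.
def substring(s, start, end):
    return s[start:end]

def substring_after(s, sep):
    # Assumption: returns "" when sep does not occur in s.
    _, found, tail = s.partition(sep)
    return tail if found else ""

def custom_username(ad_username):
    # String.substring(appuser.userName, 0, 1) + String.substringAfter(appuser.userName, ".")
    return substring(ad_username, 0, 1) + substring_after(ad_username, ".")

# Simple shape check for "email format" (local@domain.tld); an illustrative pattern.
EMAIL_FORMAT = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def dry_run(ad_usernames):
    """Return (mapping, collisions, malformed) for a list of AD usernames."""
    mapping = {u: custom_username(u) for u in ad_usernames}
    by_login = defaultdict(list)
    for src, login in mapping.items():
        # Assumption: logins are compared case-insensitively.
        by_login[login.lower()].append(src)
    collisions = {k: v for k, v in by_login.items() if len(v) > 1}
    malformed = [s for s, login in mapping.items() if not EMAIL_FORMAT.match(login)]
    return mapping, collisions, malformed

# Constructed sample input, not real accounts.
SAMPLE = [
    "john.doe@domain.com",
    "jane.doe@domain.com",     # same initial and surname as john.doe
    "alice.smith@domain.com",
    "svcbackup@domain.com",    # no dot before the @
]

if __name__ == "__main__":
    mapping, collisions, malformed = dry_run(SAMPLE)
    for src, login in mapping.items():
        print(f"{src:28} -> {login}")
    for login, sources in collisions.items():
        print(f"COLLISION  {login}: {', '.join(sources)}")
    for src in malformed:
        print(f"NOT EMAIL  {src} -> {mapping[src]}")
```

Usernames reported as a collision or as not in email format need a different expression or a per-user exception before the change is synced.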

 

The following list describes the behavior for common predefined username options:

 

  • Okta username: Okta sends the exact value of user.login as the User Principal Name (UPN). This can result in a different UPN domain suffix if the value in Okta differs from the Active Directory domain name.

  • From Okta username: Okta removes the domain suffix of user.login and adds the Domain naming context (e.g., john.doe@domain.com becomes john.doe@ADDomainName.com) for the UPN.

  • Email: Okta uses user.email to populate the UPN. This is not recommended as email uniqueness is not enforced in Okta, which can lead to provisioning errors.

 
