Applying Okta Expression Language for Managing Email Aliases Across Distinct Application Instances
Okta Classic Engine
Okta Identity Engine
Lifecycle Management
Overview

This article explains how to use Okta Expression Language to manage email aliases when a user needs access to multiple instances of an application and each instance requires a unique email address. Each part of the expression is broken down below, with its role and effect.

Applies To
  • Okta administrators
  • Developers managing distinct instances of an application 
  • Developers handling unique email addresses for users across distinct instances
Cause

Certain applications use the email address as the unique identifier for a user. Even when such an application has separate instances, it might treat the same email address appearing in more than one instance as a duplicate, which causes conflicts.

Solution
  1. An email admin should initially establish an email alias for every user requiring access to several instances, ensuring that the application does not recognize the user as a duplicate.

  2. Apply the following Okta Expression Language conditional expression to the custom application username format:

    isMemberOfGroupName("sample") ? (substringAfter(substringBefore(Arrays.toCsvString(user.proxyAddressess), ','), "smtp:")) : user.login




The above conditional expression is broken down as follows:

    • isMemberOfGroupName("sample")
      This function checks whether the user is part of the group named "sample". The resulting value is Boolean (true or false). 

    • ?:
      This is the ternary operator, which selects one of two values depending on the result of the condition. 

    • (substringAfter(substringBefore(Arrays.toCsvString(user.proxyAddressess), ','), "smtp:"))
      If the user is part of the "sample" group (true condition), this expression is evaluated. It takes the proxyAddress values mapped from Active Directory to the Okta User Profile and converts them to a CSV string. It then captures the substring before the first comma (','), and from this substring, it extracts the portion after "smtp:".

    • :
      This operator separates the values that the ternary operator will return depending on the condition's evaluation.

    • user.login
      If the user is not part of the "sample" group (false condition), the expression returns the user's login username.


With this conditional expression, members of a specific group (for example, managers) can use the email alias, while regular users can use their standard email address.

 

NOTE: Formatting issues might interfere with the expression's functionality, so it's essential to validate its operation by testing with different user accounts.
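The Python model below is an added example, not Okta code or part of the original article. It replays the expression against constructed profiles to show which ones yield an unusable username. It assumes that `substringBefore` and `substringAfter` return the whole string and an empty string, respectively, when the separator is absent; the users, addresses and the `review` helper are hypothetical.

```python
# Added illustration: a local model of the username expression, not Okta code.
# Assumption: substringBefore/substringAfter follow Apache Commons StringUtils
# semantics (separator absent -> whole string / empty string respectively).

def substring_before(s, sep):
    i = s.find(sep)
    return s if i == -1 else s[:i]

def substring_after(s, sep):
    i = s.find(sep)
    return "" if i == -1 else s[i + len(sep):]

def app_username(user, groups, group="sample"):
    """Mirror of: isMemberOfGroupName("sample") ? (...) : user.login"""
    if group not in groups:
        return user["login"]
    # Arrays.toCsvString: join the array with commas (key spelled as on the page).
    csv = ",".join(user.get("proxyAddressess", []))
    return substring_after(substring_before(csv, ","), "smtp:")

def review(user, groups, group="sample"):
    """Return (username, problem); problem is None when the value is usable."""
    name = app_username(user, groups, group)
    if group not in groups:
        return name, None
    if not name:
        return name, "empty: first entry lacks a lowercase 'smtp:' prefix"
    if name.lower() == user["login"].lower():
        return name, "alias equals login, so the app still sees a duplicate"
    return name, None

# Constructed sample profiles (hypothetical users, example.com addresses).
SAMPLES = {
    "alice": ({"login": "alice@example.com", "proxyAddressess":
               ["smtp:alice.eu@example.com", "SMTP:alice@example.com"]}, {"sample"}),
    "bob": ({"login": "bob@example.com", "proxyAddressess":
             ["SMTP:bob@example.com", "smtp:bob.eu@example.com"]}, {"sample"}),
    "carol": ({"login": "carol@example.com", "proxyAddressess":
               ["x500:/o=Org/cn=carol", "smtp:carol.eu@example.com"]}, {"sample"}),
    "dave": ({"login": "dave@example.com", "proxyAddressess": []}, set()),
    "erin": ({"login": "erin@example.com", "proxyAddressess":
              ["smtp:erin@example.com"]}, {"sample"}),
}

if __name__ == "__main__":
    for who, (user, groups) in SAMPLES.items():
        print(who, review(user, groups))
```

Only the first array entry is ever considered, so the result depends on the order in which the directory returns the values as well as on the case of the `smtp:` prefix.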
 
