A user was initially provisioned to Advanced Server Access (ASA) with a default naming convention.
Later, it is decided that a different naming convention is desired for some users (for example, prefixing the username with "admin_"). All the Okta-side configuration to map the usernames as desired is completed such that new users who are provisioned to ASA for the first time are created with the desired naming scheme in ASA.
However, the previously provisioned users do not have their ASA usernames updated. Deprovisioning them from ASA and then reprovisioning them back to ASA also does not help.
- Advanced Server Access (ASA)
While several attributes within an ASA user's profile, such as the unixUserName and windowsUserName can be updated, the Username itself is immutable.
When deprovisioning a user from ASA, they are marked as deleted in the backend ASA database. When reprovisioning the user back to ASA, that same user from the backend ASA database is marked as active, and will maintain the original username.
To update the ASA username, ASA Engineering must first delete the user from the ASA backend. This is an involved process that can take some time.
- Deprovision the user from ASA such that the Okta user is no longer assigned to the ASA application, and the user is shown as "Deleted" in the ASA Dashboard.
- Open a case with Support to request ASA user deletion. Please provide a screenshot showing the user(s) in "Deleted" status in the ASA dashboard and confirm the name of the relevant ASA Team and associated Okta tenant URL.
- Support will then engage Engineering to request user deletion from the back-end. Depending on the engineering workload, this may take some time to complete, during which time the user will be unable to use ASA.
- Once the deletion is completed, reprovision the user back to ASA with the desired username mapping.
