<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Blank Username for New Assignments after Username Format Change to active_directory.objectSid
Oct 3, 2025
Lifecycle Management
Okta Classic Engine
Okta Identity Engine
Overview

This article addresses an issue where users assigned to an application via a new group have a blank or null username. This occurs after the application's username format was changed (for example, from user.employeeNumber to active_directory.objectSid) and existing user profiles were updated using the Update Now function.


"Update now" button  

Applies To
  • Universal Directory
  • Active Directory
  • Application Username
  • Lifecycle Management
Cause

This behavior occurs because the trigger to update the application username is not configured to run when new assignments are created. While running Update Now updates the usernames for currently assigned users, it does not affect users who are assigned to the application later through group membership.

Solution
Use one of the following options to resolve this issue.
 
Option 1: Enable Automatic Username Updates. 
This option ensures the application username is updated automatically when a user is created or updated.
  1. In the Admin Console, navigate to the application's Sign On tab.
  2. In the Credentials Details section, click Edit.
  3. For the Application username format setting, select Update application username on: Create and update.
  4. Click Save.
NOTE: This setting affects all users assigned to the application. When any user's Okta profile is updated, their application username will be re-evaluated and updated accordingly.
 
Option 2: Use a Custom Mapping. 
This option involves mapping the Active Directory value to an Okta attribute first and then using that Okta attribute for the application username.
  1. In Directory > Profile Editor > Active Directory > Mappings > Active Directory to Okta, map the required Active Directory attribute (for example, objectSid) to a custom Okta User Profile attribute.
  2. Navigate to the application's Sign On tab and click Edit in the Credentials Details section.
  3. Set the Application username format to Custom.
  4. Enter an expression to use the custom Okta attribute that now contains the desired value from Active Directory.
  5. Click Save.

Recommended content

Still looking for help?
Loading
Blank Username for New Assignments after Username Format Change to active_directory.objectSid