<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

How to Configure IDP Username in External IdP Integration

Last Updated:

Single Sign-On
Okta Classic Engine
Okta Identity Engine

Overview

To configure the IdP username field, idpuser must be used as a prefix attribute name instead of appuser.

Applies To

  • External IDP
  • Inbound Federation
  • Single Sign-On (SSO)

Cause

If using the following type of expression language-based configuration idP username: String.substring(appuser.firstName,0,6)+"."+appuser.lastName+"@example.com", the following error message is received:

Account matching with IdP Username error message

Solution

To use a custom configuration idp username, idpuser based attribute name must be used.

For example:

  • Use firstname and lastname from the external IDP to verify IdP Username during inbound federation using he following format of IdP attribute name:
    • String.substring(idpuser.firstName,0,6)+"."+idpuser.lastName+"@example.com".

Account matching with Idp Username

 

Related References

Recommended content

Still looking for help?
Loading
Okta Support - How to Configure IDP Username in External IdP Integration