When Okta imports users from Google Workspace (GWS), changing the Okta username does not automatically update the main email address in GWS. Resolving this requires updating the application username format and forcing a manual update in the Okta Admin Console. Specifically, after an administrator changes a user's login in Okta for a user originally imported from GWS, the main email address in GWS fails to update. Conversely, when Okta creates a user and provisions it to GWS, the GWS main email updates correctly upon an Okta login change.
- Okta Identity Engine (OIE)
- Google Workspace (GWS)
- Provisioning
The GWS application sign-on settings in Okta do not include the configuration to push username changes back to GWS for imported users. Specifically, the application username format and the update application username settings do not propagate Okta login changes to GWS after import.
How is the issue of the Google Workspace main email not being updated after an Okta username change resolved?
Configure the Okta GWS application sign-on settings to push username updates and force a manual update for affected users using the Okta Admin Console.
- In the Okta Admin Console, navigate to the Google Workspace application, then click the Sign On tab.
- Set Application username format to Custom and enter the expression
user.login.
- Set Update application username on to Create and update.
- Save the settings.
- Navigate to the Assignments tab of the Google Workspace application.
- Select the affected users and choose Update Now to force Okta to push the updated username to GWS.
