In Advanced Server Access (ASA), there are reserved usernames that cannot be used. If a user has one of these usernames, provisioning may fail with an Invalid ASA username error, like below:
 

Automatic provisioning of user Service Account to app Okta Advanced Server Access failed: Error while creating user service@testdomain.local: Bad Request. Errors reported by remote server: Invalid ASA username: service



 

• Advanced Server Access (ASA)
• Okta Privileged Access (OPA)

Engineering has defined usernames that are reserved in ASA, and these usernames cannot be used. The reserved usernames are below (case insensitive):

adm
admin
administrador
administrateur
administrator
administratör
amanda
anonymous
apache
apache2
audio
authenticated
aдминистратор
backup
batch
bin
builtin
canna
cdrom
creator
daemon
dbus
dialout
dialup
digest
dip
disk
dovecot
ec2-user
exim
fax
floppy
ftp
games
gdm
git
gnats
gopher
halt
htt
interactive
internet
irc
järjestelmänvalvoja
kmem
ldap
list
listen
local
lp
mail
mailman
mailnull
man
mysql
named
netdump
network
news
nfsnobody
nis
nntp
noaccess
nobody
nobody4
nogroup
nscd
nt
ntlm
ntp
null
nuucp
operator
oracle
pcap
plugdev
postfix
postgres
proxy
pvm
quagga
radiusd
radvd
remote
rendszergazda
restricted
root
rpc
rpcuser
rpm
rsync
sasl
schannel
self
sendmail
server
service
sftd
shadow
shutdown
smmsp
squid
src
sshd
staff
sudo
sync
sys
system
tape
terminal
this
tty
ubuntu
users
utmp
uucp
vcsa
video
voice
webalizer
wnn
world
www
www-data
xfs
xpg
xpg4

A username other than the one listed above will have to be used.
 

Related References

• Reserved Group Names within ASA