This article clarifies the difference between user_name_template and subject_name_id_template in the Okta Terraform Provider Resource okta_app_saml.
- Terraform
- Okta Identity Engine (OIE)
- Okta Classic Engine
- SAML App Resource
user_name_template
This is the application username mapping. By default, this is set to 'source.login'.
If a user is assigned to the app with the username "test@mail.com", then this will be their app username.
If the SAML application has SCIM provisioning enabled, this is also the 'userName' attribute value that is provisioned to the SCIM server by default.
subject_name_id_template
Defines the mapping for the username that is used in the SAML Assertion Okta generates when a user logs into the SAML Application.
By default, this is 'user.userName', which resolves to the same value as the user_name_template default of 'source.login'.
Changing this mapping will affect the Subject NameID in the SAML Assertion Okta generates for the application.
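The following okta_app_saml resource sets both mappings explicitly to the defaults described above, so the two settings can be seen side by side. It is an added example, not configuration from the original article: the resource name, label and URLs are placeholders, and the `${...}` expression wrapper (escaped as `$${...}` in HCL) is assumed as the form the provider expects for these templates.

```hcl
# Added example. Label and URLs are placeholders for a hypothetical service provider.
resource "okta_app_saml" "example" {
  label       = "Example SAML App"
  sso_url     = "https://sp.example.com/saml/acs"
  recipient   = "https://sp.example.com/saml/acs"
  destination = "https://sp.example.com/saml/acs"
  audience    = "https://sp.example.com/saml/metadata"

  # Application username mapping. This is the value a user gets as their
  # app username on assignment, and the SCIM 'userName' if provisioning is on.
  # "$${" is Terraform's escape for a literal "${"; without it Terraform
  # tries to interpolate the expression itself and the plan fails.
  user_name_template      = "$${source.login}"
  user_name_template_type = "BUILT_IN"

  # Subject NameID mapping used in the SAML assertion. With this default it
  # follows the application username above, so a change to user_name_template
  # also changes the NameID the service provider receives.
  subject_name_id_template = "$${user.userName}"
  subject_name_id_format   = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

  response_signed         = true
  assertion_signed        = true
  signature_algorithm     = "RSA_SHA256"
  digest_algorithm        = "SHA256"
  honor_force_authn       = false
  authn_context_class_ref = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
}
```

Because the service provider matches accounts on the Subject NameID, review `terraform plan` output for changes to either attribute before applying them to an app that already has assigned users.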
To modify either setting outside of the Okta Terraform Provider:
- user_name_template can be changed in the Admin Dashboard in the Sign on tab under Credentials Details > Application username format.
- subject_name_id_template can only be modified with the Management API.
