<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008C3jWrSAJOkta Classic EngineLifecycle ManagementAnswered2024-03-25T05:22:43.000Z2017-06-02T09:44:47.000Z2017-06-02T09:44:47.000Z

lgbz8 (lgbz8) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Biirthright provisioning in OKTA W/O email address
As per my understanding, in an application masterd scenario, an employee is provisioned (birthright) in master application first with his old email address. Then from downstream OKTA application (say, Office 365) his new company email address is generated. 

I am assuming that we can not create/import new user in OKTA W/O a valid email address.

Now if O365 is added as a downstream birthright application to OKTA then is it possible to import users from master application to OKTA without any email address?
  • 2 answers
  • 1.39K views

  • cody.suders1.3982070751843718E12 (Okta, Inc.)

    There are a couple of options on how to handle this.  Its important to understand what you mean by "valid" email address.  Email is a required field in Okta, but depending how you're setting the user's initial password, if they don't have to receive the email to set that password it just has to be in a valid email format, but not an actual address that can receive mail.  I've seen customers make an initial email address of something like username@placeholder.com for the initial account creation which will pass the okta required field validation, but isn't a valid email. then can then go back and update it to their "real" email addresso once it's assigned.  Another option might be to just put in what the email address will be once its created (like username@company.com) and then push that into o365 once the Okta account is created and it will become a valid email.
    Expand Post

  • lgbz8 (lgbz8)

    Thanks for your reply Cody.

    By valid email address I meant  email address where user will get the option to change the password for first time.

     

    Option1:  I've seen customers make an initial email address of something like username@placeholder.com for the initial account creation which will pass the okta required field validation, but isn't a valid email. then can then go back and update it to their "real" email addresso once it's assigned.

    Q: Is this process automated in OKTA and OOTB feature? Could you please provide any documents/guide or list down high level steps please.

     

    Option 2Another option might be to just put in what the email address will be once its created (like username@company.com) and then push that into o365 once the Okta account is created and it will become a valid email.

     

    Q: We need to check the availability of the email ID from AD before we can create a mailbox. How would we do that?

     

    Can we have the following flow with OKTA:

    1) New user info is entered in HR system.(with his old company email address)

    2) OKTA polls HR system and creates the user in OKTA UD.

    3) OKTA creates the user's account in downstream AD .

    4) OKTA creates new mailbox in downstream O365 and the new email ID is updated in every downstream app and OKTA itself.

    5) User is sent a mail to update his password through self service Password reset.

     

    Thanks in advance,

    Anubhab

    Expand Post
This question is closed.
Loading
Biirthright provisioning in OKTA W/O email address