Okta Classic Engine | Okta Integration Network | Answered | 2019-11-22T23:27:33.000Z | 2016-12-29T20:37:27.000Z | 2018-08-12T04:15:17.000Z
Attributes statement samAccountName not sent in AuthResponse
Hi,

I have set up an App in OKTA to test SAML. I have Active Directory integration.

User accounts are synced from AD. 

 

Directory > People > "test account" > Profile shows the samAccountName under Profile (Additional Active Directory Attributes). 

 

I have entered user.samAccountName in the Attributes statement in my App. But I am seeing an empty string being sent out to the SP (SAML response).

    <saml2:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"/>
    </saml2:Attribute>

If I map the samAccountName to displayName from the Active Directory Map Attributes page and use "user.displayName" in the attributes statement, the samAccountName gets sent correctly in the SAML response.

 


 

Why is the user.samAccountName not working as-is?

 


Thanks

   

  • Hi Vignesh

    Think of Okta as having 2 "tables" (like in SQL) or "objects": one for Okta and one for AD. The AD "appuser" table/object has samAccountName, but the Okta "user" table/object does not. To use samAccountName, map it from AD to Okta just as you did above. You can create a custom Okta attribute called samAccountName instead of using displayName, then map appuser.samAccountName to user.samAccountName.
  • VigneshS.98232 (Customer)

    Thanks Gabriel. I am unable to figure out how to add new attributes to the Okta User Profile. All I see is how to add attributes for AD.

     

  • VigneshS.98232 (Customer)

    Thanks for your help, I was able to find User profile under profile editor (Directory > Profile Editor > Okta) and I created an attribute samAccountName just like you mentioned and mapped it to AD attribute samAccountName.

     

This question is closed.
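
An added example, not part of the original thread or Okta's own code: a service-provider-side check that separates a missing attribute from one that arrives as an empty AttributeValue (the symptom above, where the attribute statement references a field the Okta user profile does not have). The sample XML, the function names and the required-attribute list are constructed for illustration, and the assertion is assumed to have already passed signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
XSI_NIL = "{http://www.w3.org/2001/XMLSchema-instance}nil"

# Constructed sample: "username" arrives empty, as in the question;
# "displayName" carries a value, as it did after the AD-to-Okta mapping.
_XSI = ('xmlns:xs="http://www.w3.org/2001/XMLSchema" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"')
SAMPLE = f"""<saml2:AttributeStatement xmlns:saml2="{NS['saml2']}">
  <saml2:Attribute Name="username">
    <saml2:AttributeValue {_XSI}/>
  </saml2:Attribute>
  <saml2:Attribute Name="displayName">
    <saml2:AttributeValue {_XSI}>jdoe</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def parse_attributes(xml_text):
    """Map each attribute name to its list of non-empty, non-nil values."""
    # For XML from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % NS["saml2"]):
        values = attrs.setdefault(attr.get("Name"), [])
        for value in attr.findall("saml2:AttributeValue", NS):
            text = (value.text or "").strip()
            if text and value.get(XSI_NIL) not in ("true", "1"):
                values.append(text)
    return attrs


def check_required(xml_text, required):
    """Classify each required attribute as 'ok', 'empty' or 'missing'."""
    attrs = parse_attributes(xml_text)
    report = {}
    for name in required:
        if name not in attrs:
            report[name] = "missing"   # IdP never sent the attribute
        elif not attrs[name]:
            report[name] = "empty"     # sent, but the IdP expression resolved to nothing
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for name, status in check_required(SAMPLE, ["username", "displayName", "email"]).items():
        print(f"{name}: {status}")
```

An SP that treats "empty" the same as "missing" and rejects the login avoids provisioning or matching an account on a blank username.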