<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7V7LSAVOkta Classic EngineSingle Sign-OnAnswered2024-04-30T09:18:25.000Z2016-08-05T22:48:26.000Z2019-01-31T00:55:57.000Z

GermanM.87673 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Primary email different in google apps
I am trying to sync from Active Directory to Okta (succeed) and then Okta to Google Apps. The problem is that Google apps has a diferent domain name. The error I get in Okta:

 

An error occurred while assigning this app.

Automatic provisioning of user User 2 to app Google Apps failed: Failed to create new user. Invalid Input: primary_user_email

 

This is what I have:

 

AD login: user@firstdomain.com (match with primary email)

Okta login: user@seconddomain.com (this is not picked up as primary email)

Google App: user@seconddomain.com

 

Am I doing something wrong or is just not possible to do SSO with different domains?
  • 3 answers
  • 2.92K views

  • j5v7c (j5v7c)

    It is possible to do SSO & Provisioning to google apps with a different domain. You just need to ensure that the Application Username Format is set to do the transformation of the username into the desired format. This is under the "Sign On" settings, or can also be configured in the Okta-->Google mappings under Profile Editor.
    Selected as Best

  • j5v7c (j5v7c)

    It is possible to do SSO & Provisioning to google apps with a different domain. You just need to ensure that the Application Username Format is set to do the transformation of the username into the desired format. This is under the "Sign On" settings, or can also be configured in the Okta-->Google mappings under Profile Editor.
    Selected as Best

  • j5v7c (j5v7c)

    Hi German, looks like Mr Rayru beat us to the punch. What he says is certainly the way you'd do it. If you need specific guidance you can call in or make a ticket and we can set up a screen share for this

     

    Mariusz K

    Okta Support
    Expand Post

  • MikeR.79981 (Customer)

    This is how we achieved this-

    In the G Suite app, specify username format: custom-

    substringBefore(user.login,"@")+"@domain2.com"

     

    user@domain1 = AD/Okta

    user@domain2= G Suite

     

    Expand Post
This question is closed.
Loading
Primary email different in google apps