ScottB.07094 (American Century Investments) asked a question.
We're looking for a smoother way to handle name changes across the organization. We have dozens of apps that use the user's email address as the app's username. Today, when the user's name and/or email address in AD changes (due to a typo, marriage, etc.) the updated email address doesn't flow to the apps that are using email address as the username. My understanding is that at the time the user is assigned to the app, the username gets created and doesn't update unless forced to by the app. I don't want to rely on forcing the update from the app side in case it causes other account that have changed to update and break, and updating every app manually is time-consuming and inaccurate.
Is there a way I can force a user's application assignments to update their usernames to use the updated email address for all apps that use that attribute?
The username override feature overrides a previously selected Okta username format or app username format (different per app). When you implement username override, previously selected username formats no longer apply.
Username override can also be used with Selective Attribute Push to continuously update app user names as user profile information changes. For example, if a user gets assigned to an app with a username of email, and that email subsequently changes, Okta can automatically update the app username to the new email. Prior to this enhancement, an Okta the user's app username had to be manually updated by unassigning and reassigning them to the app. This enhancement applies to all apps and is not limited to only apps with provisioning capabilities.
If the above doesn't work, I've had success changing the Application username format from Email to Custom and using the expression user.email