do6bg (do6bg) asked a question.
Hi, so just to be clear, when i mention Domain, it's not AD, as we don't use this.
We have a number of contractors, for whom we create okta accounts for with their own email domain (hotmail, gmail etc) as the primary work email/username.
This setup allows them to log into some of our sso apps.
We have however found, Google Workspace for example, that provisioning does not work, we get the error (or similar) 'The user's email domain does not match the domain specified in Google Apps'.
any suggestions for a fix? Is it possible to push the user to these specific apps in another way? In googles case, we use 'Okta Username' as the 'Application username format'. if this needed to be changed, would it affect our internal employees?
You can use Okta expression language to format the username based on the users domain, if you have that stored as an attribute. An example, though i didnt check if valid, would be like below:
user.domain=="gmail" ? (user.login + "@gmail.com") : (user.domain=="yahoo" ? (user.login + "@yahoo.com") : user.login)
The format for conditional expressions is
[Condition] ? [Value if TRUE] : [Value if FALSE]
My name is Michael Hidalgo with Okta support and I will gladly assist you with this case.
Google Workspace will not allow to provision users whose email and username do not match their domain, in order to fix this you can use the Okta expression language:
First you'll need to go to Profile Editor>>> Google Workspace>>> Click Mapping>>> Select Okta to Google Workspace>>> Look for the email attribute and use this expression String.substringBefore(source.email, "@")+"@yourgoogledomain.com"
After that, you'll need to go to your Google Workspace app>>> Sign on>>> Credential Details>>> set the Application username format to Custom and use the same expression, String.substringBefore(source.email, "@")+"@yourgoogledomain.com"