StephenT.54873 (Customer) asked a question.
Our environment is currently configured to treat matching email addresses as an auto-confirm condition. Another option is "Okta username format matches". Our username format is set to custom, appuser.userName, and for existing users maps to user@domain.com.
A problem we've run into recently is we've started creating some accounts where a person's LDAP entry will have a different email than the AD entry. Because the auto-confirm condition is not met for these users, their accounts are not automatically confirmed and apps do not get assigned. Would changing the exact match condition to "Okta username format matches" resolve this problem? Would we need to also modify the Okta username format? Would either change affect already confirmed users?
Hello @StephenT.54873 (Customer)
I hope you are having a great day
That could be the solution because the default format for Okta user names is an email address, if it is needed you can create a custom character restriction that replaces the email format constraint with a specific set of allowable characters.
You can learn more using about this topic using the link below:
https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-create-character-restriction.htm
Please let us know if this was useful and allow you to solve your problem. Have a great day ahead
Regards
Henry Esquivel
Okta Inc