
ywvdf (ywvdf) asked a question.
Our organization has configured Harmony Connect in Okta to use its username to log in. This is working fine for users who have been created in AD and get synced properly in Okta, but it's an issue for our vendors/contractors who have different email addresses other than the recognized domain in Okta.
When the vendors signed in to Harmony Connect, Harmony Connect sees their Primary Email in Okta rather than their username, thus having access restrictions in using Harmony Connect.
Is there a way to change this in Okta for specific groups?
This is the reply I have received from CheckPoint:
----------------------------------------
This is an issue with the configuration in Okta, and the current configuration passes the email and the name_id, which is usually the same as the username. Because a difference in these emails is wanted, we need to find out the Okta configuration that will pass on the username as the name_id, thus resulting in the wanted behavior.
------------------------------------------

Hi @ywvdf (ywvdf), thank you so much for reaching out to Okta.
You have the option of utilising the Okta Expression Language. You can specify IF...THEN...ELSE statements with the Okta EL. The primary use of these expressions is profile mappings and group rules. Group rules do not usually specify an ELSE component.
Here is the guide: https://developer.okta.com/docs/reference/okta-expression-language/#conditional-expressions
The format for conditional expressions is
[Condition] ? [Value if TRUE] : [Value if FALSE]
As an example, we can try the below expression:
isMemberOfGroupName("Vendors group name") ? user.email : user.login
Now you may need to change/test out the attributes with the above expression.
Please navigate to the Application > Sign On tab > Application Username Format > Custom to configure this.
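
An offline preview of what the conditional above would send as the application username for each user, as an added example that is not part of the original thread and is not Okta's code. The user records, the "Vendors" group name and the helper names are constructed assumptions; the script only models the ternary for either branch order and flags two things worth checking before saving a custom format: users whose value differs from their login, and two users resolving to the same value.

```python
from collections import defaultdict

# Constructed sample users (not real accounts); fields mirror the Okta
# profile attributes named in the thread: login, email, group membership.
USERS = [
    {"login": "alice@corp.example", "email": "alice@corp.example", "groups": ["Staff"]},
    {"login": "v-bob@corp.example", "email": "bob@vendor.example", "groups": ["Vendors"]},
    {"login": "v-carol@corp.example", "email": "carol@partner.example", "groups": ["Vendors"]},
    {"login": "bob@vendor.example", "email": "dave@corp.example", "groups": ["Staff"]},
]

def preview_app_username(user, group, if_member, otherwise):
    """Model `isMemberOfGroupName(group) ? user.<if_member> : user.<otherwise>`."""
    attr = if_member if group in user["groups"] else otherwise
    return user[attr]

def audit(users, group, if_member, otherwise):
    """Return (not_login, collisions) for the given rule.

    not_login:  logins of users whose app username differs from user.login
    collisions: app usernames that more than one Okta user would resolve to
    """
    seen = defaultdict(list)
    not_login = []
    for u in users:
        value = preview_app_username(u, group, if_member, otherwise)
        # Case-insensitive comparison is an assumption of this example.
        seen[value.lower()].append(u["login"])
        if value.lower() != u["login"].lower():
            not_login.append(u["login"])
    collisions = {v: who for v, who in seen.items() if len(who) > 1}
    return not_login, collisions

if __name__ == "__main__":
    # Check both branch orders, since the attributes may need swapping.
    for rule in (("email", "login"), ("login", "email")):
        not_login, collisions = audit(USERS, "Vendors", *rule)
        print(f"member ? user.{rule[0]} : user.{rule[1]}")
        print("  app username != login:", not_login)
        print("  collisions:", collisions)
```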