
d9gyy (d9gyy) asked a question.
Hello,
I am configuring an Azure AD IdP on my Okta tenant, and want to prefix the username of the JIT account created.
In the IdP Configuration, I use the expression language to do so, as follows:
However, when I log in from Azure AD, the user created in Okta has his username equal to his email address, WITHOUT the prefix "sso_".
What am I doing wrong?
Regards.

Hello @d9gyy (d9gyy), thank you for reaching out to our Community!
The expression that you are using is not a valid one, as per our documentation: "the value idpuser.subjectNameId means that it takes the subject's username, from the SAML assertion passed by the Identity Provider, and maps it to the Okta application user's username property."
In this case you can change the username format of the app on the Azure side with the prefix of the username.
Reference: https://developer.okta.com/docs/guides/add-an-external-idp/saml2/main/#create-an-identity-provider-in-okta
You can also try to use our expression language doc for a username configuration, however in this case I was unable to make one.
https://developer.okta.com/docs/reference/okta-expression-language/