<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00008SJm7NCATOkta Classic EngineIntegrationsAnswered2025-09-13T09:01:51.000Z2022-12-01T00:53:01.000Z2022-12-06T15:02:17.000Z

PauloB.22206 (Customer) asked a question.

December 1, 2022 at 12:53 AM
Provision User to Google user's "Email" or "Okta Username"

Hi,

 

We have been provisioning users to Google using "Okta username". But this has been kind of painful when it comes to changing a user's main alias. It forces us to change the login information too.

 

We are thinking to change the provision setting to use "Email" instead of "Okta username".

 

So, I was wondering how you guys have your Google Workspace provisioning configured, and if there is a best practice for this.

 

Thanks,

Paulo

 

 

 

.

  • 2 answers
  • 621 views

  • DonF.81354 (Customer)

    While I do not work with Google Workspace directly, my org does have many, many applications and frankly it just very much depends on the app that you are integrating with and your specific needs.

     

    For us, and in many cases, the Okta username and the user email is the same for each user, so naturally we have fewer issues than we might otherwise have. In your case, if the email is different, and that is the primary way you want users to login into and be provisioned into Google Workspaces, then certainly you should be good to change this to "email".

     

    Also, sometimes we have situations in which the app has been in use for sometime and there are plenty of users already provisioned. If they were created with email, it makes sense to have this value match so its easier to do the mapping after integration. In other cases, I have seen that some apps require more customized values, such as Employee Number or something similar.

     

    You can even use the Okta expression Language if you wanna get more customized, and the below is a great article that gives some examples (and shows just how many combinations and opportunities there are!):

     

    How to Update Application Username Using an Expression Language

     

    Please let me know if that helps! If you have any questions don't hesitate to ask away. Thanks!

    Expand Post

  • a0n5s (a0n5s)

    does your org has AD or LDAP? for AD or LDAP delagate authentication, we use sAMAccountName or UPN. You should find which attribute is not change and unique, also the end user know this value. you can choice this Attribute as username google workspaces.

This question is closed.
Loading
Provision User to Google user's "Email" or "Okta Username"