Okta Classic Engine | Single Sign-On | Answered | 2025-08-07T09:00:24.000Z | 2024-07-25T15:53:52.000Z | 2024-07-31T17:02:19.000Z

9w22a (9w22a) asked a question.

User rename in Identity Provider creating new Okta user

We have Entra ID set up as an Identity Provider through a SAML connection.

 

When a user's User Principal Name (UPN) changes in Entra ID (they get married/change their name/the company changes its domain, etc.), the corresponding existing Okta user remains unchanged, and a new Okta user with the new name is created.

 

We would expect that, since the Okta user profile is sourced via a SAML connection to Entra ID, it would be able to update when attributes on the external profile change.

 

Please advise on how to avoid the new, duplicate user being created in Okta, and have the existing Okta user profile update instead.

 

Thank you


  • Hi @9w22a (9w22a), thank you for reaching out to the Okta Community!

     

    This is the expected behavior in the case of an external IDP for Okta.  

    The default setting for "Account matching with IdP Username" is "Okta Username", and if the value for username changed on the Entra side, it will not match against the pre-existing Okta username and will generate a new account.

    I recommend considering the use of a more "immutable" attribute for user matching if this is something that is happening at scale.

    Otherwise, you will need to manage it on a case-by-case basis, by temporarily disconnecting the affected Okta user account from the IDP and editing the profile to match the data incoming from the Entra side.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Selected as Best
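
A simplified model of the account matching described in the answer above, added here as an example (it is not Okta's code and not part of the original thread). It assumes the "immutable" attribute is the Entra object ID, stored in a hypothetical Okta profile attribute `entraObjectId`; the sample users are constructed.

```python
# Simplified model of IdP account matching at SAML sign-in (not Okta's code).
# Assumption: the assertion carries the Entra object ID and the Okta profile
# stores it in a hypothetical custom attribute named "entraObjectId".

def sign_in(okta_users, assertion, match_on):
    """Match an assertion to an Okta user; create a user if nothing matches.

    match_on is "login" (IdP username vs. Okta username) or
    "entraObjectId" (immutable identifier). Returns "matched" or "created".
    """
    incoming = {"login": assertion["upn"], "entraObjectId": assertion["object_id"]}
    for user in okta_users:
        # An empty or missing match value must never count as a match.
        if user.get(match_on) and user.get(match_on) == incoming[match_on]:
            user.update(incoming)  # existing profile follows the IdP data
            return "matched"
    okta_users.append(dict(incoming))
    return "created"


def find_duplicates(okta_users):
    """Return {object_id: [logins]} for identities that own several Okta users."""
    by_id = {}
    for user in okta_users:
        if user.get("entraObjectId"):
            by_id.setdefault(user["entraObjectId"], []).append(user["login"])
    return {oid: logins for oid, logins in by_id.items() if len(logins) > 1}


def simulate_rename(match_on):
    """Replay one UPN change and return (outcome, resulting Okta users)."""
    # Constructed sample data: one person, same object ID before and after.
    okta_users = [{"login": "jane.doe@example.com", "entraObjectId": "obj-0001"}]
    after_rename = {"upn": "jane.smith@example.com", "object_id": "obj-0001"}
    outcome = sign_in(okta_users, after_rename, match_on)
    return outcome, okta_users


if __name__ == "__main__":
    for key in ("login", "entraObjectId"):
        outcome, users = simulate_rename(key)
        print(f"match on {key}: {outcome}, {len(users)} Okta user(s)")
        print("  duplicates:", find_duplicates(users))
```

Grouping an exported user list by the stored immutable identifier, as `find_duplicates` does, is also a way to find accounts that were already duplicated by earlier renames.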
This question is closed.