<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000AH7Y28CQFOkta Classic EngineSingle Sign-OnAnswered2026-04-16T09:00:16.000Z2024-10-22T10:38:37.000Z2024-10-31T16:54:29.000Z

lbiln (lbiln) asked a question.

October 22, 2024 at 10:38 AM
AD User UPN Change

Hi all,

 

can someone please clarify to me what the behaviour is if we change a UPN within AD from FirstnameSurname@domain.com to FirstnameNewSurname@domain.com ?

 

if we change this UPN, would this automatically change the UPN within the users profile for the applications? meaning it will break access to the applications?

 

we are trying to implement a process of when someone gets married, their AD UPN and email address will change, but we are not sure if this will break applications integrated within Okta as the app will treat them as a new user.

 

If these values remain unchanged, will they get rewritten if a force AD sync to Okta gets performed?

  • 1 answer
  • 643 views

  • Paul S. (Okta, Inc.)

    Hello @lbiln (lbiln)​  Thank you for posting on our Community page!

     

    If the UPN/email address will change in AD, this will be propagated to Okta and update the user profile. The user will need to use the new UPN/email for Okta login.

    For the application, this update will be pushed only to the applications that have Provisioning and SSO application that use JIT provisioning, normal SSO apps and SWA apps should remain the same.

    Beside the Okta login, user should not see any difference or experience any difficulty.

    If possible, I would recommend to do a test before doing this with a user.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Ask Us Anything about Workflows now thru 10/31

    Expand Post
    Selected as Best

  • Paul S. (Okta, Inc.)

    Hello @lbiln (lbiln)​  Thank you for posting on our Community page!

     

    If the UPN/email address will change in AD, this will be propagated to Okta and update the user profile. The user will need to use the new UPN/email for Okta login.

    For the application, this update will be pushed only to the applications that have Provisioning and SSO application that use JIT provisioning, normal SSO apps and SWA apps should remain the same.

    Beside the Okta login, user should not see any difference or experience any difficulty.

    If possible, I would recommend to do a test before doing this with a user.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Ask Us Anything about Workflows now thru 10/31

    Expand Post
    Selected as Best
This question is closed.
Loading
AD User UPN Change