AnandhamoorthyJ.51699 (Customer) asked a question.
We have configured a SAML application in Okta with SCIM provisioning enabled. User creation works fine, but when we attempt to change the userName (mapped to the email address), Okta deactivates the existing user and creates a new one. This results in discrepancies and loss of user history.
We observed that when the same change is made from the User Profile Directory instead of the SCIM app, Okta sends it as an update (PATCH) instead of deactivation.
Additionally, when we configure an SWA application with SCIM provisioning, the userName field is non-editable, preventing accidental changes.
Questions:
- Is it possible to make the userName field non-editable for SAML applications, similar to SWA?
- If not, is there an alternative configuration to prevent deactivation and re-creation of the user during email updates?
We want to avoid user churn and maintain user history during email changes.
Looking forward to your guidance.
Thank you.
Hi @AnandhamoorthyJ.51699 (Customer) , Thank you for reaching out to the Okta Community!
The described behavior does not seem right.
The user update should be dependent on the external ID generated on the initial user assignment or creation, which should be immutable to allow user matching when attributes change. Although not directly related to your use case, some details about this can be found in this article.
I recommend reaching out to our Developer colleagues over on devforum.okta.com to take advantage of their expertise, as custom SCIM implementations are in their purview.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.