Exclude Active Directory user name updates during provisioning

To ensure that provisioning events do not update the User Personal Name (UPN) or samAccountName in Active Directory (AD), change the mapping for these attributes.

1. In the Admin Console, go to Directory > Profile Editor.
2. Click Directories in the Filters list.
3. For Active Directory, click Mappings and select Configure User mappings if a list appears.
4. Click Okta User to <your AD instance>.
5. Select one of these options:
   • If the userName attribute is set by your AD domain and you can't modify it, you’ll need to edit the username update settings in the Create Users section of the Provisioning to App tab. See Configure Active Directory provisioning settings.
   • If the userName attribute is set by your AD domain and you can modify it, click Override with mapping.
6. In the drop-down next to userName, select Apply mapping on user create only.
7. In the drop-down next to samAccountName, select Apply mapping on user create only.
8. Click Save Mappings and Apply updates now.