Make first and last name optional in Active Directory

Okta has defined 31 default base attributes for all users in an org. These base attributes are generally fixed and cannot be modified or removed. There are two exceptions: First Name and Last Name. These two attributes can be marked as required or optional for Okta and Active Directory (AD)-sourced users. The default setting for new AD instances is that first and last name are required.

First Name and Last Name attributes are mandatory for provisioning Office 365 through the Okta Admin Console.

To import AD-sourced users with blank First Name or Last Name attributes:

  • You must first mark the attributes as optional in the Okta user profile and the AD user profile. Otherwise, the import or Just-in-Time (JIT) provisioning operations will fail.
  • If you have auto-confirm selected for matching users on import, the import will fail in the creation flow if the Okta and AD user profile settings do not match.
  • If the First Name or Last Name attribute is marked as not required and you have imported users with no first or last name, and then you change the attribute to be required again, the users with the blank attribute are deactivated on the next full import. When users are deactivated, they are unable to sign in to Okta.

  1. In the Admin Console, go to Directory > Profile Editor.
  2. Click Directories in the Filters list.
  3. For Active Directory, click Profile in the Actions column.
  4. Click information for the firstName variable.
  5. Clear the Attribute required check box.
  6. Click Save Attribute.
  7. Repeat steps 4 to 6 for the lastName variable.
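
Before changing either attribute back to required, it helps to know which AD accounts would be deactivated on the next full import. The following PowerShell check is an added example, not part of the original Okta procedure. It assumes the ActiveDirectory (RSAT) module is installed, that firstName and lastName are mapped from the AD attributes givenName and sn, and it uses a placeholder search base and output file name.

```powershell
# Added example: report AD users with no givenName or no sn.
# Assumption: Okta firstName/lastName are mapped from givenName/sn.
Import-Module ActiveDirectory

# Placeholder: replace with the OU(s) your Okta AD agent imports from.
$SearchBase = 'OU=Users,DC=example,DC=com'

# User objects where givenName is absent OR sn is absent.
# AD does not store empty strings, so "absent" is the blank case.
$Filter = '(&(objectCategory=person)(objectClass=user)(|(!(givenName=*))(!(sn=*))))'

$Blank = Get-ADUser -LDAPFilter $Filter -SearchBase $SearchBase -SearchScope Subtree |
    Select-Object SamAccountName, UserPrincipalName, Enabled,
        @{ Name = 'MissingFirstName'; Expression = { [string]::IsNullOrEmpty($_.GivenName) } },
        @{ Name = 'MissingLastName';  Expression = { [string]::IsNullOrEmpty($_.Surname) } }

if (-not $Blank) {
    Write-Output 'No users with a blank first or last name were found.'
    return
}

# Enabled accounts are the ones whose owners would lose sign-in access
# if the attribute is made required again before the value is filled in.
$AtRisk = @($Blank | Where-Object { $_.Enabled })

Write-Output ("Users with a blank name attribute: {0}" -f @($Blank).Count)
Write-Output ("Of those, enabled in AD:           {0}" -f $AtRisk.Count)

$Blank | Sort-Object SamAccountName | Format-Table -AutoSize

# Keep a record to review or remediate before changing the Okta setting.
# Placeholder file name.
$Blank | Export-Csv -Path '.\ad-users-blank-names.csv' -NoTypeInformation
```

Run it from a domain-joined host with read access to the directory. An empty result means no accounts in that search base would be affected by making the attributes required again.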