bdalpe / RADIUS-to-Okta-MFA

A utility to support Windows Remote Desktop Gateway MFA with Okta.
MIT License

Issue with AD UPN and samaccountname difference #122

Closed sandypatel1986 closed 7 months ago

sandypatel1986 commented 7 months ago

Hi all,

I am facing a strange issue. My AD UPN is samir.patel@contoso.com, whereas my sAMAccountName is samir@contoso.com.

When I try to log in to the RD Gateway, the script throws an error saying "samir" not found. So I understand that NPS on the RD Gateway is sending the sAMAccountName value to the Okta script, and the Okta script is unable to find the person samir in the Okta tenant.

If the UPN is the same as the sAMAccountName, then I don't face any issues.

But due to some limitations, I cannot change the sAMAccountName to the UPN in AD. So is there any workaround for this?

Please suggest.

sandypatel1986 commented 7 months ago

There is a way that we can map an individual user's SAM name to the UPN in connection request policies under NPS. But considering we have 200 users, this is a challenge.

sandypatel1986 commented 7 months ago

Hi All,

This is resolved. In our environment, we have different AD UPN and AD sAMAccountName values for a single user. For example, a user named Sandip Patel has sandip.patel as the UPN name and spate as the sAMAccountName. Whenever the user tries to log in to the RD Gateway, it sends the sAMAccountName to the Okta script, and the Okta script sends it to the Okta tenant. But our Okta tenant integration is with the AD UPN (AD UPN = Okta username), so the script was throwing an error.

What I did: I created one custom attribute for samAccountName under Profile Editor --> Users --> Okta --> User (default) and mapped it under Profile Editor --> Users --> Directories --> Active Directory mappings --> AD to Okta User, mapping appuser.samAccountName to samAccountName. Then I applied these mappings to all users.

And in run.sh I added one more line: OKTA_USE_SAMACCOUNTNAME=true.

What we did: the sAMAccountName value, which was in the additional Active Directory attribute value list, we made part of the Okta profile values.

Then the script works fine.
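The lookup the comments above describe, as an added example that is not code from bdalpe/RADIUS-to-Okta-MFA: NPS forwards the AD sAMAccountName in the RADIUS User-Name, the Okta tenant knows the user by UPN, and the fix is to expose sAMAccountName as a custom Okta profile attribute (named samAccountName, as in the comment) and search on it instead of profile.login. The Okta Users API `search` parameter and the SSWS token header are real; the attribute name comes from the page; the handling of a `DOMAIN\user` prefix in User-Name, the FAKE_TENANT records and the function names are assumptions made for illustration. Two checks a practitioner would want are included: the forwarded name is validated before it is interpolated into the search filter, and an ambiguous match (sAMAccountName is only unique within one AD domain) fails closed instead of sending the MFA push to whichever user came back first.

```python
"""Resolve a RADIUS User-Name to exactly one Okta user, by UPN or by a custom
samAccountName profile attribute. Example code, not part of RADIUS-to-Okta-MFA."""
import json
import re
import urllib.parse
import urllib.request
from typing import Callable, List, Optional

OktaFetch = Callable[[str], List[dict]]  # search expression -> user records

# Constructed sample tenant (not real data): what GET /api/v1/users?search=...
# could return once AD's sAMAccountName is mapped onto a custom Okta profile
# attribute named samAccountName, as described in the comment above.
FAKE_TENANT = [
    {"id": "00u1", "status": "ACTIVE",
     "profile": {"login": "sandip.patel@contoso.com", "samAccountName": "spate"}},
    {"id": "00u2", "status": "ACTIVE",
     "profile": {"login": "dup.one@contoso.com", "samAccountName": "dup"}},
    {"id": "00u3", "status": "ACTIVE",
     "profile": {"login": "dup.two@contoso.com", "samAccountName": "dup"}},
    {"id": "00u4", "status": "DEPROVISIONED",
     "profile": {"login": "old.user@contoso.com", "samAccountName": "olduser"}},
]

# Conservative allowlist for what NPS may forward in RADIUS User-Name; anything
# else is refused rather than interpolated into an Okta search expression.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._@-]{1,256}$")


def normalize_username(raw: str, use_samaccountname: bool) -> Optional[str]:
    """Map the RADIUS User-Name to the value to search for in Okta.

    Assumption (not from the page): NPS may forward 'user', 'DOMAIN\\user' or
    'user@domain'. In sAMAccountName mode the NetBIOS domain prefix is stripped;
    in login (UPN) mode the value is passed through unchanged.
    """
    name = raw.strip()
    if use_samaccountname and "\\" in name:
        name = name.rsplit("\\", 1)[1]
    if not _SAFE_NAME.match(name):
        return None
    return name


def build_search(name: str, use_samaccountname: bool) -> str:
    """Okta Users API `search` expression (SCIM-style filter) for the lookup."""
    attr = "profile.samAccountName" if use_samaccountname else "profile.login"
    return f'{attr} eq "{name}"'


def resolve_okta_user(raw_username: str, use_samaccountname: bool,
                      fetch: OktaFetch) -> Optional[str]:
    """Return the Okta user id to challenge for MFA, or None to fail closed.

    Exactly one ACTIVE user must match: sAMAccountName is only unique within a
    single AD domain, so a tenant fed by several domains can contain duplicates,
    and an ambiguous match must never send the push to the wrong person.
    """
    name = normalize_username(raw_username, use_samaccountname)
    if name is None:
        return None
    matches = [u for u in fetch(build_search(name, use_samaccountname))
               if u.get("status") == "ACTIVE"]
    return matches[0]["id"] if len(matches) == 1 else None


def fake_fetch(search: str) -> List[dict]:
    """Offline stand-in for the Okta Users API that evaluates `attr eq "value"`
    against FAKE_TENANT (Okta's eq on profile attributes is case-insensitive)."""
    m = re.fullmatch(r'profile\.(\w+) eq "([^"]*)"', search)
    if not m:
        return []
    attr, value = m.group(1), m.group(2).lower()
    return [u for u in FAKE_TENANT
            if str(u["profile"].get(attr, "")).lower() == value]


def okta_fetch(org_url: str, api_token: str) -> OktaFetch:
    """Live fetch against GET {org_url}/api/v1/users?search=... using an SSWS
    API token. limit=2 is enough to detect an ambiguous match. Not run offline."""
    def fetch(search: str) -> List[dict]:
        url = f"{org_url}/api/v1/users?" + urllib.parse.urlencode(
            {"search": search, "limit": 2})
        req = urllib.request.Request(url, headers={
            "Authorization": f"SSWS {api_token}", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch


if __name__ == "__main__":
    # The failure from the issue: UPN lookup with the forwarded sAMAccountName.
    print("login mode, 'spate':", resolve_okta_user("spate", False, fake_fetch))
    # The fix: OKTA_USE_SAMACCOUNTNAME=true style lookup on the custom attribute.
    print("sam mode, 'CONTOSO\\spate':",
          resolve_okta_user("CONTOSO\\spate", True, fake_fetch))
    print("sam mode, ambiguous 'dup':", resolve_okta_user("dup", True, fake_fetch))
```

Switching the lookup attribute is the whole of the fix; the rest is the guard rail around it. Once the custom attribute exists, Okta can filter on it server-side, so the script never has to page through the tenant or keep a local SAM-to-UPN table for 200 users.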