Me
한국어로 보기
Back

    When you cannot see users imported to Okta during the Active Directory integration

    In Active Directory, the FirstName and LastName fields are not required when creating a user, it is common, especially for Korean organizations, to create users by putting both the first and last name into FirstName field.

    In Okta, on the other hand, FirstName and LastName are set as required attributes of the User Profile when the initial Okta Org is created, so importing AD users into Okta that do not have FirstName or LastName set will not work correctly because the user will not have values for these required attributes.

    In such case, you can turn off the Required condition for the FirstName and LastName Attribute in the Okta User Profile and AD App Profile in the following way to import AD users into Okta normally.

    1. In the Okta Admin Console, click the Directory > Profile Editor menu, and then click the User (default) profile.

    My image alt text

    2. Uncheck the Yes checkbox for the Attribute required item and click the Save Attribute button at the bottom to save.

    My image alt text

    3. In the same way, uncheck the required condition for the Last name item and save it.

    My image alt text

    4. Click Profile Editor in the left menu, and then under Filters, click Directories to locate the AD App Profile, and then click the profile name.

    My image alt text

    5. Find the Attribute with the Display Name of givenName and sn, and clear the Yes checkbox for the Attribute required entry in the same way as described above, respectively, and save.

    My image alt textMy image alt text

    After making these changes, run the import again and you should see your AD users load into Okta as normal.

    Related questions

    Q. What is required when creating a user in Okta?

    A. The values username, email, firstName, and lastName are required during the initial setup of Okta Org, but as mentioned earlier, firstName and lastName can be turned off. The values username and email are required when creating an Okta user and cannot be turned off.

    Q. Is this the same for other LDAP directories besides AD (OpenLDAP, AD LDS, OID, etc.)?

    A. For LDAP Directories, you will need help from the Okta Support Team to integrate users without firstName and lastName set. Please open a Support Ticket for assistance and an Okta Support Engineer can provide you with the help you need.