Okta // Assigning One Application Multiple Usernames

Maybe this will help someone down the line - have you ever needed to assign a particular application in Okta to a group of people, but the NameID attribute be different based on the account?

Guess what, I've run into this, and now I have a solution thanks to Okta's Expression Language.

If you set your NameID attribute to Custom in your Okta application, you can use the following line to set the username based on the email.

String.stringContains(user.email, "domain.com") ? substringBefore(user.email, '@') : user.email

In this case, the NameID attribute changes based on the domain suffix. For the line above, if your Okta email address reads as MyUsername@domain.com, then your NameID attribute would be MyUsername. However, if your Okta email address reads as TheirUsername@anotherdomain.com, then your NameID attribute would be TheirUsername@anotherdomain.com.

This came in handy for separating two cohorts of users in our Brightspace Desire2Learn tenant as we have different username values based on if the individual is an enrolled student or not.

Wanted to share this just in case anyone gets confused with Okta Expression Language, as reading the articles on it throws me off sometimes - I lucked out and had a moment of clarity tonight, though!