HELP FILE

What happens if I rename a provisioned user in Azure AD or Okta?

    Currently we do not support username change in LastPass.

    About this task:

    When Azure AD or Okta creates a user in LastPass, we report back a scimid. After that, Azure AD or Okta reaches the user at the following URL: scimapi/<companyid>/users/<scimid>. For example: scimapi/1234/users/345.

    In Azure, this scimid cannot be changed, as it is unique to that user. If you delete a LastPass user and recreate it with the same email address, the new account would have another unique scimid.

    Instead of renaming a user, reassign the user. The instructions for reassigning depend on whether you use Azure AD or Okta.

    • Log in to the Azure AD or Okta admin portal, then follow the steps below for your provider.

      Reassign users in Okta:
      1. Remove the user from the assigned group / unassign the directly assigned user.
      2. Verify the account is disabled on the LastPass side correctly (if the user exists in LastPass).
      3. Add the user to the provisional group / reassign the user directly.
      4. Verify the account is reenabled on the LastPass side correctly.

      Reassign users in Azure AD:
      1. Save the attribute mapping and group/user assignments.
      2. Delete the app.
      3. Recreate the app with the proper attribute mapping.
      4. Recreate the group/user assignments.
      5. If federated login was enabled, it should be configured again with the data of the recreated app.
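
An added example (not LastPass, Azure AD or Okta code): an offline audit that compares the SCIM paths a directory has stored with the users the service currently holds, flagging renames and recreated accounts that leave a stored scimid stale. The record layouts, status labels and sample data are constructed assumptions; only the path pattern comes from the text above.

```python
import re

# Path pattern from the page: scimapi/<companyid>/users/<scimid>
SCIM_PATH = re.compile(r"^scimapi/(?P<company>[^/]+)/users/(?P<scimid>[^/]+)$")

def parse_scim_path(path):
    """Return (companyid, scimid) from a SCIM user path, or None if malformed."""
    m = SCIM_PATH.match(path.strip().strip("/"))
    return (m["company"], m["scimid"]) if m else None

def audit(idp_records, service_users, company_id):
    """Classify each directory record against the service's current users.

    idp_records:   list of {"userName", "path"} as stored by the directory
    service_users: dict of scimid -> email as currently held by the service
    """
    emails = {e.lower() for e in service_users.values()}
    findings = {}
    for rec in idp_records:
        name = rec["userName"].lower()
        parsed = parse_scim_path(rec["path"])
        if parsed is None or parsed[0] != company_id:
            findings[name] = "bad-path"
            continue
        current = service_users.get(parsed[1])
        if current is None:
            # Stored scimid no longer resolves: recreated under a new id, or gone
            findings[name] = "recreated" if name in emails else "missing"
        elif current.lower() != name:
            # Same scimid, different name: a rename the service did not apply
            findings[name] = "renamed-in-idp"
        else:
            findings[name] = "ok"
    return findings

# Constructed sample data (hypothetical users and ids)
IDP = [
    {"userName": "alice@example.com", "path": "scimapi/1234/users/345"},
    {"userName": "bob.new@example.com", "path": "scimapi/1234/users/346"},
    {"userName": "carol@example.com", "path": "scimapi/1234/users/347"},
    {"userName": "dave@example.com", "path": "scimapi/1234/users/348"},
]
SERVICE = {"345": "alice@example.com", "346": "bob@example.com", "401": "carol@example.com"}

if __name__ == "__main__":
    for user, status in audit(IDP, SERVICE, "1234").items():
        print(f"{status:15} {user}")
```

Records reported as renamed-in-idp or recreated are the ones to put through the reassignment steps for your provider.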