HELP FILE
What happens if I rename a provisioned user in Azure AD or Okta?
LastPass does not currently support username changes.
When Azure AD or Okta creates a user in LastPass, we report back a scimid. After that, Azure AD or Okta reaches the user at the following URL: scimapi/<companyid>/users/<scimid>. For example: scimapi/1234/users/345.
In Azure, this scimid cannot be changed as it is unique to that user. If you delete and recreate a new LastPass user with the same email address, the new account would have another unique scimid.
Instead of renaming a user, reassign the user. The instructions for reassigning vary depending on whether you use Azure AD or Okta.
- Log in to the Azure AD or Okta admin portal, then follow the steps below.
Reassign users for this provider: Okta
- Remove the user from the assigned group, or unassign the directly assigned user.
- Verify the account is disabled correctly on the LastPass side (if the user exists in LastPass).
- Add the user to the provisional group, or reassign the user directly.
- Verify the account is re-enabled correctly on the LastPass side.

Reassign users for this provider: Azure AD
- Save the attribute mapping and group/user assignments.
- Delete the app.
- Recreate the app with the proper attribute mapping.
- Recreate the group/user assignments.
- If federated login was enabled, configure it again with the data of the recreated app.
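
An added example, not LastPass, Azure AD or Okta code: a reconciliation check that uses the scimapi/<companyid>/users/<scimid> URL shape described above to flag directory records whose stored scimid no longer lines up with the LastPass-side account, which is the situation a rename or a delete-and-recreate produces. The record fields (`email`, `scim_path`, `scimid`), the status labels and the sample data are assumptions constructed for illustration.

```python
import re

# URL shape from the page: scimapi/<companyid>/users/<scimid>
SCIM_PATH = re.compile(r"scimapi/(?P<company>[^/]+)/users/(?P<scimid>[^/]+)")

def parse_scim_path(path):
    """Return (companyid, scimid); raise ValueError for any other shape."""
    m = SCIM_PATH.fullmatch(path.strip("/"))
    if not m:
        raise ValueError(f"not a SCIM user path: {path!r}")
    return m["company"], m["scimid"]

def reconcile(idp_users, lastpass_users, companyid):
    """Classify each IdP record against the LastPass-side user list."""
    email_by_id = {u["scimid"]: u["email"].lower() for u in lastpass_users}
    known_emails = set(email_by_id.values())
    report = {}
    for rec in idp_users:
        email = rec["email"].lower()
        try:
            company, scimid = parse_scim_path(rec["scim_path"])
        except ValueError:
            report[email] = "malformed-path"
            continue
        if company != companyid:
            report[email] = "wrong-company"
        elif email_by_id.get(scimid) == email:
            report[email] = "ok"
        elif scimid in email_by_id:
            report[email] = "renamed-upstream"  # same scimid, new name: reassign
        elif email in known_emails:
            report[email] = "recreated"  # same email, LastPass issued a new scimid
        else:
            report[email] = "orphaned"  # neither scimid nor email found
    return report

# Constructed sample data (hypothetical field names, not a real export format).
IDP_USERS = [
    {"email": "alice@example.com", "scim_path": "scimapi/1234/users/345"},
    {"email": "bob.new@example.com", "scim_path": "scimapi/1234/users/346"},
    {"email": "carol@example.com", "scim_path": "scimapi/1234/users/347"},
]
LASTPASS_USERS = [
    {"email": "alice@example.com", "scimid": "345"},
    {"email": "bob@example.com", "scimid": "346"},
    {"email": "carol@example.com", "scimid": "512"},
]

if __name__ == "__main__":
    for email, status in reconcile(IDP_USERS, LASTPASS_USERS, "1234").items():
        print(f"{email:24} {status}")
```

Records reported as `renamed-upstream` are the ones to run through the reassign steps for your provider; `recreated` records point at a scimid that the new LastPass account no longer has.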