Changing the SAML NameID to a unique user ID

Hello,

I’m trying to have the SAML response contain a unique user ID as the NameID. This is because the Okta username can change with time and that makes it impossible for the service provider to match the existing user.

The documentation seems to imply that this is possible with the following configuration of the SAML app:

But this doesn’t work and the NameID continues to be the Okta username in the SAML responses. I may be misunderstanding something.

Is this a feature supported by Okta or could you confirm that it can’t be done?

Thanks.

This works; I have just tested it.

However, if you already have users assigned to the SAML App, then the username will already be generated using the previous logic. You will need to either un-assign the users and then re-assign (under the Assignments tab on the Application), or under the Assignments tab click the pencil icon to modify the assigned users and click “reset” to use the new logic.


You’re right, thank you! It indeed works. I’m new to Okta and I missed the fact that the username is set at assignment time.

Do you happen to know if it’s possible to configure the application username when creating an OIN integration? The wizard doesn’t collect this information and I suppose that changing the setting on the test instance before submission wouldn’t work.

Thank you!
