I’d like to know about the policy for the primary email address of a user (default profile).
In fact, I’m a little confused because, on one side, the primary email is supposed to be unique according to the doc (Users | Okta Developer). On the other side, I can create multiple accounts with the same email address in my organisation. But I cannot find any settings in the console.
So my questions are:
Does the primary email address of a user need to be unique?
Where can we define this policy (or can we customize this => unique or not)?
Okta automatically uses the email address as the end user’s username. => Do you mean that in the user profile mapping (app profile => Okta profile), appuser.username maps to email by default? But it is possible to change this mapping (which is how I made my test to create multiple accounts with the same email)?
Hey Chengbo, I think the Okta username which uses the email address by default must be unique, but the primary email address does not need to be unique by default. I’ve got multiple accounts with different usernames and the same primary email address (as you found) - take a look at my screenshot.
Usernames must be unique in Okta and most identity platforms, but not emails.
I don’t know why it’s marked as UNIQUE=TRUE in the referenced table. That page links to the SCIM standard which has a multi-valued field ‘emails’ which are only a SHOULD (not MUST).
I’d suggest it’s possibly a documentation error - unless user creation via the API has different constraints to the Okta Admin UI. I don’t have Postman handy to check.
@Chengbo The possible conflict is when you set up reset password using the forgot password option: the reset password link is sent to the same email id for multiple accounts.
Thanks for your reply. Yes, we may also have conflicts when we are going to activate MFA. So are all the notifications sent by Okta sent to the primary email? (I mean, is this not configurable by the admin, to change to the second email for example?)
@Chengbo For testing purposes, you may create multiple Okta users with one email. However, the problem is that multiple people will share access to a single email account, such as a distribution list. That is potentially a security threat. We recommend that only individual email addresses be used for Okta users for this reason.
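
An audit for the situation discussed in this thread, as an added example that is not part of any post above: it groups user records by primary email and reports every address attached to more than one login, which is where password reset mail for several accounts lands in one mailbox. It assumes an offline export of user objects carrying `status`, `profile.login` and `profile.email`; the sample records and the function names are constructed for illustration, and comparing emails case-insensitively is a choice made here.

```python
from collections import defaultdict

# Constructed sample records, shaped like exported Okta user objects.
SAMPLE_USERS = [
    {"id": "u1", "status": "ACTIVE",
     "profile": {"login": "alice@example.com", "email": "alice@example.com"}},
    {"id": "u2", "status": "ACTIVE",
     "profile": {"login": "alice.admin", "email": "Alice@Example.com "}},
    {"id": "u3", "status": "ACTIVE",
     "profile": {"login": "svc-backup", "email": "ops-team@example.com"}},
    {"id": "u4", "status": "PROVISIONED",
     "profile": {"login": "svc-deploy", "email": "ops-team@example.com"}},
    {"id": "u5", "status": "DEPROVISIONED",
     "profile": {"login": "old-svc", "email": "ops-team@example.com"}},
    {"id": "u6", "status": "ACTIVE",
     "profile": {"login": "bob@example.com", "email": "bob@example.com"}},
    {"id": "u7", "status": "ACTIVE",
     "profile": {"login": "no-mail", "email": None}},
]

# Deactivated accounts cannot request a reset, so they are left out of the report.
IGNORED_STATUSES = {"DEPROVISIONED"}


def normalize_email(value):
    """Trim and lower-case an address; return None for missing or malformed values."""
    if not isinstance(value, str):
        return None
    value = value.strip().lower()
    return value if "@" in value else None


def shared_primary_emails(users, ignored_statuses=IGNORED_STATUSES):
    """Map each primary email used by two or more live accounts to their logins."""
    logins_by_email = defaultdict(list)
    for user in users:
        if user.get("status") in ignored_statuses:
            continue
        profile = user.get("profile") or {}
        email = normalize_email(profile.get("email"))
        if email is None:
            continue
        logins_by_email[email].append(profile.get("login"))
    return {email: sorted(logins)
            for email, logins in logins_by_email.items() if len(logins) > 1}


if __name__ == "__main__":
    for email, logins in sorted(shared_primary_emails(SAMPLE_USERS).items()):
        print(f"{email}: shared by {', '.join(logins)}")
```
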