Not a dev, just an admin who scripts a bit… Due to mergers/acquisitions and changes in IAM strategy over time, we’ve got some inconsistencies in username format, so there’s sometimes a mismatch between the login Okta is sending to an app and what the app is expecting. In cases where it’s difficult to change the value in the app, we do an override of the default username for that app in Okta, which fixes the issue.
I’m now in a position where I need a list of all these overrides. We have so many users and apps that this would be a tedious manual process, so I’d like to retrieve the information via API. But while I can get a list of an app’s username format, users assigned to the app, the users’ attributes, and each user’s username being used by the app, I can’t find a way to retrieve what the user’s username would have been without the override. (This is the value that would appear in the “sign on” tab of the GUI if you use the box that says “Preview mapping with a user.”)
Without this value, I’m looking at retrieving the app’s credential format, the user’s attributes, and writing a ton of if/then/else to go through the 35 different ways we customize the username for various apps (yes I counted haha) to parse the attributes into a username. But it would be so much simpler if I could just retrieve the default app username for a user and compare it to the actual one being used. Is there a way to do this that I haven’t discovered yet?