We, for obvious reasons, can't have the primary email on the account created with the users' personal email as that would propogate downstream to all apps.What I've done in the past was to either generate the email on the HRIS (Workday, using Studio) or within Okta leveraging the users' First/Preferred name and last name attributes.Currently I receive a silly error stating that the email field on creation (with the same formula I've used previously (appuser.firstName + appuser.lastName + "@dom.ain"), is a null value. :)After a couple year struggle of trying to get OneLogin to do what my startup needed, we are finally moving to a full enterprise solution, Okta.I am looking to come up with a strategy for migration that will have the least amount of impact on the end user, but feeling a little lost on the details here. )I may be losing my mind - so just wondering what your process is, how you're handling things, if you're willing to share - or possibly point me in the right direction here. Due to a recent acquisition, we have now added secondary domain @xyz.com under abc.com primary domain.On top of this, 20 / 100 users would have identity on @xyz.com, so user - Basically, John would have 2 G Suite accounts which are part of one G Suite tenant.To achieve this in Okta, we have added a new G Suite tile with the name of xyz.com but it authenticates via Super Admin of abc.com since in G suite SSO applies for single domain and secondary domain inherits that configuration and in xyz.com we have just change the username authentication to "user.secondary_email", the value of secondary email under points to Once John logins to - Okta, he sees 2 different G suite tiles - one for abc.com and other for xyz.com.The account cannot be accessed because login credentials could not be verified.We have enrolled users in Okta Device Trust and they have successfully received the client certificate issued by the Okta MTLS Certificate Authority. Due to a recent acquisition, we have now added secondary domain @xyz.com under abc.com primary domain.On top of this, 20 / 100 users would have identity on @xyz.com, so user - Basically, John would have 2 G Suite accounts which are part of one G Suite tenant.To achieve this in Okta, we have added a new G Suite tile with the name of xyz.com but it authenticates via Super Admin of abc.com since in G suite SSO applies for single domain and secondary domain inherits that configuration and in xyz.com we have just change the username authentication to "user.secondary_email", the value of secondary email under points to Once John logins to - Okta, he sees 2 different G suite tiles - one for abc.com and other for xyz.com.The account cannot be accessed because login credentials could not be verified.We have enrolled users in Okta Device Trust and they have successfully received the client certificate issued by the Okta MTLS Certificate Authority. 4 comments. Okta provides identity management with Single Sign-On, Multi-factor Authentication, Lifecycle Management (Provisioning), and more.Press J to jump to the feed. Only trying to access Okta web resources? We would like to show you a description here but the site won’t allow us. What worked best for you?edit: For anyone else wondering in the same situation we did lots of planning and prep work to make the impact on end users very minimal:Use API to import all users to Okta, activate them with a random preset PWThis makes it so we dont need to worry about users missing activation emails and we preset the PW's so the accounts dont get in a weird state later on where they dont have a PWSet routing rules so all users auth through OneLogincreate shortcut apps in OneLogin that are just URL's to the corresponding Okta embedded link for each appAssigned each shortcut app to a role so we could use OneLogin API for assignment(sadly OneLogin API does not allow you to do app assignment, so this is why we needed a role)On day of migrating an app we pull a report from OneLogin on user detail so we can sort access by appWe use that list to assign the shortcut app role in OneLogin and the actual app in Okta with both API'sHide the app in the OneLogin portal as we cut over auth to OktaWhen auth is cutover, we reveal the shortcut app in OneLoginNews, articles and tools covering the Okta Identity Cloud. Configuring SAML for Workday. We are using Okta as our SSO provider and G suite as one of the applications to authenticate via Okta to our users.