Remove the username attribute from a database connection user profile

Problem Statement

In the initial implementation, we imported users with the username attribute to a database connection. However, the username is not required, so we want to remove it from all the user profiles associated with that connection.

We tried setting the username attribute to null or undefined through the Management API but received an error.

Solution

It is not possible to remove the username attribute from a database connection user profile once the profile is created. This applies whether or not the connection has the Requires Username option enabled. The validation rules in the Management API require that any value provided for the username property be a string with at least one character, which is why you received the error.

The self-service alternatives all involve recreating the user profile. If the connection is a custom database connection, the user could be removed and the custom scripts updated to ensure that the username is not returned on a subsequent login. If the connection is a custom database connection with import mode enabled, the situation is more complex: removing the user may mean their current credentials (password) are lost if the user changed their password after being migrated into the tenant.

It’s technically possible to request an export of password hashes and re-import all the users (without the username) into a new connection. However, this requires either a maintenance window during which logins are unavailable (the time it takes to delete the original connection and re-import the users into a new connection) or importing the users with different user identifiers.