diff --git a/auth/src/main/java/org/gorpipe/gor/auth/AuthConfig.java b/auth/src/main/java/org/gorpipe/gor/auth/AuthConfig.java
index 5df29c08..38d14b95 100644
--- a/auth/src/main/java/org/gorpipe/gor/auth/AuthConfig.java
+++ b/auth/src/main/java/org/gorpipe/gor/auth/AuthConfig.java
@@ -49,7 +49,7 @@ public interface AuthConfig extends Config {
 
     @Documentation("")
     @Key(PLATFORM_USER_KEY)
-    @DefaultValue("email")
+    @DefaultValue("preferred_username")
     String getPlatformUserKey();
 
     String UPDATE_AUTH_INFO_POLICY = "UPDATE_AUTH_INFO_POLICY";
diff --git a/auth/src/main/java/org/gorpipe/security/cred/CredentialsHelperMain.java b/auth/src/main/java/org/gorpipe/security/cred/CredentialsHelperMain.java
index 523b4535..ac0f2ac7 100644
--- a/auth/src/main/java/org/gorpipe/security/cred/CredentialsHelperMain.java
+++ b/auth/src/main/java/org/gorpipe/security/cred/CredentialsHelperMain.java
@@ -15,7 +15,8 @@
 public class CredentialsHelperMain {
     static class Options {
         public String forProject;
-        public String forUser;
+        public String forUsername;
+        public String forUserid;
         public String forService;
         public String lookupKey;
         public boolean base64;
@@ -90,9 +91,10 @@ public static Options processArgs(String[] args) {
         public static void help(String message) {
             if (message != null) System.err.println(message);
             System.err.println(
-                    "\nUsage: cred_helper --for-project projectName [--for-user userId] [--for-service service] [--lookup-key lookupKey] [--base64 | --sec] [--api-url apiUrl] [--api-user apiUser] [--api-password apiPassword] \n\n" +
+                    "\nUsage: cred_helper --for-project projectName [--for-userName userName] [--for-userId userId] [--for-service service] [--lookup-key lookupKey] [--base64 | --sec] [--api-url apiUrl] [--api-user apiUser] [--api-password apiPassword] \n\n" +
                             "Fetches credentials from credentials service and prints (default as json object)\n" +
                             "projectName: internal project name of project to query\n" +
+                            "userName: internal user name\n" +
                             "userId: id (numeric) of user to get credentials for\n" +
                             "service: restrict to service (e.g. dx or s3)\n" +
                             "lookupKey: provide a lookup key (e.g. bucket or dna nexus project id)\n" +
@@ -143,7 +145,7 @@ public String getPassword() {
             }
         };
         CsaCredentialService service = new CsaCredentialService(config, null, new CredentialsParser(), null);
-        BundledCredentials bundle = service.getCredentialsBundle(options.forProject, options.forUser, options.forService, options.lookupKey);
+        BundledCredentials bundle = service.getCredentialsBundle(options.forProject, options.forUsername, options.forUserid, options.forService, options.lookupKey);
         if (options.sec) {
             System.out.println("cred_bundle=" + bundle.toBase64String());
         } else if (options.base64) {
diff --git a/auth/src/main/java/org/gorpipe/security/cred/CsaCredentialService.java b/auth/src/main/java/org/gorpipe/security/cred/CsaCredentialService.java
index df1833f4..cb705f2d 100644
--- a/auth/src/main/java/org/gorpipe/security/cred/CsaCredentialService.java
+++ b/auth/src/main/java/org/gorpipe/security/cred/CsaCredentialService.java
@@ -62,7 +62,7 @@ private BundledCredentials getCredentialsBundleFromCache(String projectName, Str
         try {
             return credentialsCache.get(key, (k) -> {
                 try {
-                    return getCredentialsBundle(projectName, userId);
+                    return getCredentialsBundle(projectName, userName, userId);
                 } catch (IOException e) {
                     throw new UncheckedExecutionException(e);
                 }
@@ -72,11 +72,11 @@ private BundledCredentials getCredentialsBundleFromCache(String projectName, Str
         }
     }
 
-    private BundledCredentials getCredentialsBundle(String projectName, String userId) throws IOException {
-        return getCredentialsBundle(projectName, userId, null, null);
+    private BundledCredentials getCredentialsBundle(String projectName, String userName, String userId) throws IOException {
+        return getCredentialsBundle(projectName, userName, userId, null, null);
     }
 
-    public BundledCredentials getCredentialsBundle(String projectName, String userId, String service, String lookupKey) throws IOException {
+    public BundledCredentials getCredentialsBundle(String projectName, String userName, String userId, String service, String lookupKey) throws IOException {
         log.debug("get credentials for project: {}, user {}", projectName, userId);
         if (!isConfigured()) {
             log.info("No configuration - returning empty credentials list");
@@ -84,6 +84,9 @@ public BundledCredentials getCredentialsBundle(String projectName, String userId
         }
         initAuth();
         String parms = String.format("find[project_key]=%s", projectName);
+        if (!Strings.isNullOrEmpty(userName)) {
+            parms = parms + String.format("&find[preferred_username]=%s", userName);
+        }
         if (!Strings.isNullOrEmpty(userId)) {
             parms = parms + String.format("&find[user_id]=%s", userId);
         }
diff --git a/auth/src/test/java/org/gorpipe/security/cred/UTestCredentialsHelperMain.java b/auth/src/test/java/org/gorpipe/security/cred/UTestCredentialsHelperMain.java
index d9bcd067..4123280f 100644
--- a/auth/src/test/java/org/gorpipe/security/cred/UTestCredentialsHelperMain.java
+++ b/auth/src/test/java/org/gorpipe/security/cred/UTestCredentialsHelperMain.java
@@ -30,25 +30,40 @@ public String getenv(String env) {
 
 
     @Test
-    public void testForUserOption() {
+    public void testForUserIdOption() {
         List<String> unparsed = new ArrayList<>();
         CredentialsHelperMain.Options options;
 
-        options = CredentialsHelperMain.Options.parse( new String[]{"--for-user", "123"}, unparsed);
-        Assert.assertEquals("123", options.forUser);
+        options = CredentialsHelperMain.Options.parse( new String[]{"--for-userId", "123"}, unparsed);
+        Assert.assertEquals("123", options.forUserid);
 
-        options = CredentialsHelperMain.Options.parse( new String[]{"--for-user", "abc"}, unparsed);
-        Assert.assertEquals("abc", options.forUser);
+        options = CredentialsHelperMain.Options.parse( new String[]{"--for-userId", "abc"}, unparsed);
+        Assert.assertEquals("abc", options.forUserid);
 
         options = CredentialsHelperMain.Options.parse( new String[]{}, unparsed);
-        Assert.assertEquals(null, options.forUser);
+        Assert.assertEquals(null, options.forUserid);
     }
 
     @Test
-    public void testInvalidForUserOption() {
+    public void testForUserNameOption() {
+        List<String> unparsed = new ArrayList<>();
+        CredentialsHelperMain.Options options;
+
+        options = CredentialsHelperMain.Options.parse( new String[]{"--for-userName", "123"}, unparsed);
+        Assert.assertEquals("123", options.forUsername);
+
+        options = CredentialsHelperMain.Options.parse( new String[]{"--for-userName", "abc"}, unparsed);
+        Assert.assertEquals("abc", options.forUsername);
+
+        options = CredentialsHelperMain.Options.parse( new String[]{}, unparsed);
+        Assert.assertEquals(null, options.forUsername);
+    }
+
+    @Test
+    public void testInvalidForUserIdOption() {
         List<String> unparsed = new ArrayList<>();
         exit.expectSystemExitWithStatus(-1);
-        CredentialsHelperMain.Options.parse(new String[]{"--for-user"}, unparsed);
+        CredentialsHelperMain.Options.parse(new String[]{"--for-userId"}, unparsed);
     }
 
     @Test