Community
Select to view content in your preferred language

AGOL Default Creating Account Names with Emails Instead of First, Last Names

420
1
10-07-2024 09:07 AM
Labels (1)
Labels
SaraJL
by
Frequent Contributor
‎10-07-2024 09:07 AM

Hello Everyone!

After the SAML certificate update this month (we are a SAML AGOL) - every time a new account is added, the username is defaulting to the email instead of the "First Last" name like it did previously. I have added it in the New Member settings in the Org Settings, but for some reason it's still not updating. 

I would just leave it, but unfortunately it messes with the user search - if I try to search a user by name, it can't find it. I can only search by their email. 

For privacy reasons, it's hard to post a screenshot! But if anyone has questions, I can try and elaborate a little more. I'm just wondering if there is another place I need to update in the settings other than the Org Settings > New member defaults > Username format.

This is what it is currently set too, but the profile names are still defaulting to email:

SaraJL_0-1728317137843.png

Anyone else have this issue? Just wondering before I reach out to tech support. In the meantime, I have to manually update it. 

Thank you!

1 Reply
TimF
by
Regular Contributor
‎10-18-2024 02:41 AM

Possibly a bit late for this one, but I don't believe the 'Username format' section you've identified applies for SAML accounts. I think it's more for when you invite members manually, after typing in the first name + last name cells, this setting auto-generates the username to avoid you repeat-typing the same info - and you can change the format here.

Accounts added via SAML pick-up the username from identity provider (IDP) attributes coming across from your Active Directory - so the above is ignored. As the certificate update would have required an update on your IDP, it sounds like something has been reset there to stop the correct attributes coming through.

We had this issue when we first set-up SAML. Initially the username was an alphanumeric identifier; then email; and finally FirstName.LastName. Our solution architect configured it using the following guides (hopefully the links still work!):

This technical article explains the base set up - https://doc.arcgis.com/en/arcgis-online/administer/saml-logins.htm

With SAML logins you can map IDP (e.g. Azure AD) attributes to the SAML configuration. See the following:

https://github.com/Esri/idp/blob/main/Documentation/SAML/Configure%20Azure%20Active%20Directory.md

and particularly the final point on configure and customise the SAML claim:

https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-custom...

0 Kudos