In using IDP logon in Jira and Confluence, a local account gets created

  • Christopher Reitci
    # 1 month ago

    In using IDP logon in Jira and Confluence, a local account gets created with email address as the username.
    In the IDP Configuration I do a ‘Test Configuration’ and receive Attribute Name: NameID and Attribute Value: <email address>

    I want users to be authenticated using the username they typed in. The email address is not necessarily the same as username@domain.

    Also, how do I turn off the function to dynamically create a username internally?

    Shradha
    # 1 month ago

    This could be because Username is configured with NameID (which is returning the email address in the IDP response), so the user with this username (i.e. email) does not exist and hence a new user is getting created on SSO. (First, it tries to search for the user in the existing list; if the user is not found, then a new user gets created.)

    Check Test Configuration and copy username attribute name, go to User Profile tab and map it against Username option and try login again.

    how do I turn off the function to dynamically create a username internally?
    >> Go to User Groups tab and select Disable User Creation. This will restrict new user creation on login. In this case, existing user will get logged in every time.

    Let me know if this solves the issue else we can set up a quick call and help you with the configurations.

    Christopher Reitci
    # 1 month ago

    “…Check Test Configuration and copy username attribute name, go to User Profile tab and map it against Username option and try login again…”

    The Username is already set to the username attribute of ‘UserID’ and we have the problem. Email is set to the default of NameID.

    Our UPN may be different from the email address.

    Christopher Reitci
    # 1 month ago

    Any ideas? We want to have username as <username1> and the email as <username2>@domain.com

    username1 may or may not be the same as username2

    Shradha
    # 1 month ago

    Any ideas? We want to have username as <username1> and the email as <username2>@domain.com
    >> Yes, it’s possible. I need to check a couple of things. This entirely depends on your IdP and attributes being sent from your IdP.

    Could you please send me a screenshot of your Test Configuration results, and the user details (username and email) you want to log in with?
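
The lookup-then-create behaviour discussed in this thread, sketched as an added example that is not part of the original posts and is not the plugin's code. `NameID` and `UserID` come from the thread; the sample assertion, the local directory, and the names `extract_attributes`, `resolve_login` and `disable_user_creation` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="UserID">
      <saml:AttributeValue>jdoe01</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml):
    """Return {attribute name: first value}, with NameID under the key 'NameID'."""
    root = ET.fromstring(assertion_xml)
    attrs = {"NameID": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return attrs


def resolve_login(attrs, directory, username_attr, email_attr, disable_user_creation):
    """Hypothetical model: look up by the mapped username, else create (or deny)."""
    username = attrs.get(username_attr)
    if not username:
        return ("denied", None)  # mapped attribute missing from the response
    if username in directory:
        return ("existing", username)
    if disable_user_creation:
        return ("denied", username)
    directory[username] = {"email": attrs.get(email_attr)}
    return ("created", username)


if __name__ == "__main__":
    attrs = extract_attributes(SAMPLE_ASSERTION)
    users = {"jdoe01": {"email": "jane.doe@example.com"}}  # constructed local directory
    # Username mapped to NameID: the e-mail is not a known username, so an account is created.
    print(resolve_login(attrs, dict(users), "NameID", "NameID", False))
    # Username mapped to UserID: the existing account is matched, creation stays disabled.
    print(resolve_login(attrs, dict(users), "UserID", "NameID", True))
```

With creation disabled and the username still mapped to `NameID`, the same login is denied instead of creating an account, which is a quick way to spot a wrong mapping.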
