Background:
I’m preloading users via API to assign rights as manager roles and permissions.
I’m populating Name, Email, Login & Title via the API.
When the users log in via SSO, in IDN it ties them to their identity, but in NERM the Name & Email are cleared from the User record. The ID on the User Record is still the same.
Is NERM capturing this data from SSO or does it get it from IDN?
If a user logs in via SSO - the user Data being sent to NERM is from the SAML claims that come over with the SSO.
If the user logs in with a local ISC account (You invite their Identity and provide a User Level, etc) - those values come from the identity/isc user.
So, if you preset the values in NERM with the API and then the data gets cleared via the SSO login - likely the SAML claims are empty for email / name. In your identity provider, make sure you are sending the attribute claims as exactly name, email, and groups.
Running a SAML trace when logging in would help to see what values are actually being sent in the POST SAML request - I like this browser extension, but there are others: SAML-tracer - Chrome Web Store
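An added example, not part of the original thread or of SailPoint's code: a Python check that takes the base64 SAMLResponse value copied from a SAML trace and reports whether the name, email, and groups claims are present, non-empty, and named exactly. It assumes the HTTP-POST binding with an unencrypted assertion and that claim names are compared case-sensitively; the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("name", "email", "groups")  # claim names from the answer above

def extract_claims(saml_response_b64):
    """Return {attribute name: [non-empty values]} from a base64 SAMLResponse."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_bytes)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name", ""), []).extend(v for v in values if v)
    return claims

def check_claims(claims):
    """Classify each required claim: ok, empty, wrong_name:<sent name>, missing."""
    report = {}
    for want in REQUIRED:
        if want in claims:
            report[want] = "ok" if claims[want] else "empty"
            continue
        # Near miss: same name in another case, or as the tail of a claim URI.
        near = [n for n in claims if n.lower().rsplit("/", 1)[-1] == want]
        report[want] = f"wrong_name:{near[0]}" if near else "missing"
    return report

# Constructed sample: empty "name", mis-cased "Email", correct "groups".
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="name"><saml:AttributeValue/></saml:Attribute>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>pat@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>managers</saml:AttributeValue>
      <saml:AttributeValue>approvers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(check_claims(extract_claims(SAMPLE_B64)))
```

An "empty" or "wrong_name" result for name or email points at the identity provider's attribute mapping rather than at the API preload.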