Expand my Community achievements bar.

Changing name after SSO

Avatar

Level 1
Hello, We implemented SSO with auto-provisioning for our team, and found a slight problem. As we pull names from the active directory any time someone changes their name in their profile, it will revert upon the next login. Example: Su becomes Susan every time she logs in. This iss causing slight confusion to some of our teams. Any ideas on what can be done to get around this? I can only htink of not mapping First name as an attribute but that seems counter intuitive to auto-provisioning. Thanks, Kyle Cummings Toyota Financial Services
7 Replies

Avatar

Level 2
Hi Kyle, We had the same issue in the spring with SSO, among others, which caused issues with our interface to our accounting software as the names didn't match nor did the authentication of administrators. We don't use SSO anymore. Good luck, Annikki Annikki Desmarais Cantactix Solutions Inc.

Avatar

Level 1
Hey Kyle, If you use auto-provisioning with SSO you cannot also have custom first/last name options as those are required fields for the account to be created. I think the little "i" for the checkbox for auto-provisioning mentions those attributes are required. The attribute setting is hitting an AD check each day and is resetting the name to match AD. If you use SSO without auto-provisioning you can leave the name attributes alone and people can use custom names. David White Centene Corporation

Avatar

Level 2
We have auto-provisioning shut off and the names will still revert back to their SSO names upon login. We were told that as long as we use SSO, the names must match between AD and WF. The only option we had was a complete redesign of our AD system, and that was not on the table. It does create an issue for many of our users, which is unfortunate; however, with 800+ users, SSO is still our best option. We do, however, have some users who are sensitive about their names and will update it in the system EVERY DAY after they login. As long as a user is logged in, their most recent name entry will display inside the system. I know it is not a great option, but some of our users have just added it as part of the daily login routine. Good Luck! Kelli Mortimer Caesars Entertainment

Avatar

Level 1
There is a section in the SSO settings that assigns attributes to sync via SSO (like names) and if auto-provisioning is enabled first and last name are required but not for SSO itself. We only have the email address attribute as that is what we use for federation ID so people are able to set their preferred names and use SSO. We've setup most of our company instances this way (and recently removed the name attributes for one instance so they could customize names). Names are required for auto--provisioning and during manual account creation but not for SSO to work. You might try removing the name attributes. David White Centene Corporation

Avatar

Level 2
we had a similar issue and we had to turn off Auto-Provisioning. Our issue is with email address instead. We have a ton of vendors who use our Workfront instance. The issue is before when we only had SSO enabled we had no issues. Now that we turned on Auto-provisioning it's pulling the email from AD. The issue is in AD it's not the vendor email but a company assigned email address. This caused a big uproar because the vendors wanted to keep using their personal email address instead of the company assigned one. We only had two solutions for this 1. Make the vendors use the company assigned email address 2. Turn off Auto-Provisioning so it quits pulling from AD. We ended up going with option 2 because of the feedback we received from our users. Anyone else have a similar issue? Colin Wehrle

Avatar

Level 10
Yeah we had a similar issue. We also wanted to be able to take information from PeopleSoft (and now ADP) to bring into a profile by default. So we created an API integration to onboard and offboard WF ID's for us. It works great and saves me a TON of time manually adding and removing people.

Avatar

Level 2
We had someone that created a similar process for us now to add remove people. It is working for us. We have mentioned to Workfront that we also use another Program and they should model the Auto-Provisioning after them. If we add someone to the AD group they are automatically added to the program and if you remove them from the AD group then they are removed from the program. That is how we wish Workfront would work like. Colin Wehrle