
Need to Modify existing Username for each Account

New Here, Aug 12, 2020

I have a large base of users for K12 where I started with each UserName reflecting the first part of their email address (e.g. first_grader@school.com, where the UserName was just first_grader). Now, to comply with a new SSO requirement, I need to modify each account to include @domain. When I attempt to do this using UserSync (to create bulk change) it doesn't make the modification.

I am using the correct field name mappings, it just doesn't do it. If I delete the user and then create via UserSync, it does create the new account with the correct UserName.

I hate to have to delete 70,000 accounts and start over.

Your advice is appreciated, Steph.

TOPICS
Admin console , Identity and SSO , Manage account

Adobe Employee, Aug 12, 2020

Hi Steph,

Is this change required to be done to make sure the soon-to-be-deprecated SHA-1 directories are upgraded to SHA-2? If yes, you don't necessarily need to change the usernames of the users. We can just map the right attributes to make sure that the SAML Subject (NameID) continues to pass the username as just first_grader as opposed to first_grader@school.com.

This is because we do not have any bulk operations to allow change of usernames of all users.

Depending on who you're using as your identity provider, I can suggest the right attribute mappings.

New Here, Aug 12, 2020

Yes, thanks, this is due to that change.

I'm using identityAutomation (RapidIdentity).

As soon as I invoke my new SAML Provider with SHA-256, it no longer accepts the FIRST_GRADER and requires FIRST_GRADER@SCHOOL.COM

I made the original setup, so I understand much of what I'm trying to accomplish, but I'm missing something.

What I worked on today was an attempt to wipe all 71,000 users and refresh with the new username. If I don't have to do that, it would be preferred.

I've attempted to use the documentation you have for identityAutomation, but it is outdated.

Please let me know what you suggest to resolve this issue.

Thanks in advance for your help.

Thanks,
Steph

Adobe Employee, Aug 14, 2020 (Correct answer)

Hi Again Steph,

I am sure you have registered a new service provider app for Adobe for the new configuration on the RapidIdentity portal. Here's our documentation for this: https://helpx.adobe.com/enterprise/kb/adobe-single-sign-on-configuration-with-rapid-identity.html

Under the section titled "Configure Rapid Identity" on the above doc, the 6th pointer talks about setting up NameID and shows how you can configure it to use mail. You'll need to make two changes to this:

(a) Change the NameID format to unspecified from whatever it is currently set to.

(b) Change the LDAP attribute it passes to whatever corresponds to the value "first_grader" in your directory.

This would change what is currently being passed in the SAML subject as the value of NameID and it would match with the users' usernames and the authentication would then be successful. 

Please let me know how it goes. 

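One way to confirm the mapping change described in the answer above before rolling it out, as an added example that is not part of the original thread and is not Adobe or RapidIdentity code: it reads the Subject NameID from an assertion and compares it with the usernames that already exist. The assertion fragments, the username set, the function names and the exact-string comparison are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: usernames as they already exist on the service provider side.
EXISTING_USERNAMES = {"first_grader", "second_grader"}


def make_assertion(name_id, fmt):
    """Build a minimal, unsigned assertion fragment (constructed test input)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Subject>"
        f'<saml:NameID Format="{fmt}">{name_id}</saml:NameID>'
        "</saml:Subject></saml:Assertion>"
    )


def check_name_id(assertion_xml, usernames):
    """Return (value, format, verdict) for the Subject NameID of one assertion.

    This only checks the attribute mapping; it does not validate signatures.
    For assertions captured from a real IdP, parse with a hardened XML parser
    (for example defusedxml) instead of the standard library.
    """
    node = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return None, None, "missing NameID"
    value = node.text.strip()
    fmt = node.get("Format", UNSPECIFIED)  # an absent Format means unspecified
    if value in usernames:
        return value, fmt, "match"
    if "@" in value and value.split("@", 1)[0] in usernames:
        return value, fmt, "mismatch: IdP sends mail, account holds bare username"
    return value, fmt, "mismatch: no such username"


if __name__ == "__main__":
    before = make_assertion("first_grader@school.com", EMAIL)   # current mapping
    after = make_assertion("first_grader", UNSPECIFIED)         # changes (a) and (b)
    for label, xml in (("before", before), ("after", after)):
        print(label, check_name_id(xml, EXISTING_USERNAMES))
```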

New Here, Aug 13, 2020

 

Yes, any help would be appreciated.
