Migrating from LDAP to SAML when users have different emails

Knowledge Drop

Last tested: Dec 3, 2017
 

Fortunately, when migrating to SAML there is an option to merge from LDAP. So this should be quite simple.

There was once an unfortunate case where some users had different email addresses in the LDAP system and the SAML system. The best way to fix this is to create a new credentials_email for the user via the API and set it to the email address that you want for that user in SAML. Then, in the SAML setup, add ‘email’ to the ‘merge by’ list. (If that user has already tried to log in with SAML and Looker created a new user object that you didn’t want, you have to delete that new, unneeded user object.) Then, when the person logs in, Looker should find the credentials_email with the matching email address and merge the new SAML login info into that existing user account.
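The steps above as a dry-run planner, added here as an example and not taken from Looker's own documentation: it reads user records and returns the API calls to make, and it flags two accounts that would match the same SAML email before 'merge by' email is switched on. The sample users and the `saml_email_for` mapping are constructed, the record fields and paths follow Looker's user API, and case-insensitive email matching is an assumption.

```python
# Dry-run planner: returns the Looker API calls to make; nothing is sent.
# Paths are relative to the API base URL. Email comparison is case-insensitive
# here, which is an assumption about how the IdP and Looker match addresses.

def norm(email):
    return (email or "").strip().lower()

def cred_email(user, kind):
    return norm((user.get(kind) or {}).get("email"))

def plan_migration(users, saml_email_for):
    """saml_email_for (hypothetical input): LDAP email -> email the IdP asserts."""
    plan, claimed = [], {}
    for u in (u for u in users if u.get("credentials_ldap")):
        ldap = cred_email(u, "credentials_ldap")
        target = norm(saml_email_for.get(ldap, ldap))
        if target in claimed:
            # Two accounts would match one SAML email: resolve by hand first.
            plan.append(("CONFLICT", target, [claimed[target], u["id"]]))
            continue
        claimed[target] = u["id"]
        current = cred_email(u, "credentials_email")
        if current == target:
            continue  # merge by email will already find this account
        verb = "PATCH" if current else "POST"
        plan.append((verb, f"/users/{u['id']}/credentials_email", {"email": target}))
    for u in users:
        # A SAML-only account holding a target email is the unwanted duplicate
        # created by a SAML login made before the credentials_email existed.
        if (u.get("credentials_saml") and not u.get("credentials_ldap")
                and cred_email(u, "credentials_saml") in claimed):
            plan.append(("DELETE", f"/users/{u['id']}", None))
    return plan

SAMPLE_USERS = [  # constructed sample records
    {"id": 1, "credentials_ldap": {"email": "ann@corp.example"}, "credentials_email": None},
    {"id": 2, "credentials_ldap": {"email": "bob@corp.example"},
     "credentials_email": {"email": "Bob@idp.example"}},
    {"id": 3, "credentials_saml": {"email": "ann@idp.example"}},
    {"id": 4, "credentials_ldap": {"email": "al@corp.example"}},
]
SAMPLE_MAP = {"ann@corp.example": "ann@idp.example",  # constructed mapping
              "bob@corp.example": "bob@idp.example",
              "al@corp.example": "ann@idp.example"}

if __name__ == "__main__":
    for step in plan_migration(SAMPLE_USERS, SAMPLE_MAP):
        print(step)
```

A `CONFLICT` entry means the merge would be ambiguous for that address, so settle which account owns it before anyone logs in through SAML.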

This content is subject to limited support.                

Last update: 07-07-2021 03:21 PM