Switching SAML Providers

So I’m trying to switch the SAML method for my organization. We were using an internal username list for sign-on and now we want to use company emails associated with credentials saved in Azure.

My problem is when we switched the IDP cert and changed the SAML groupIds in Looker, all of the users who already had accounts got new SAML accounts, as opposed to just updating the credentials/“username” of their old account. This has caused some headaches with lost work, etc.

I set the “Merge Users Using” setting to Looker email/password, and the old users did have/still have their emails associated with their accounts.

Not sure what else to do. Has anyone else run into this problem? Tried to reach out to Looker Support but didn’t hear anything back.

References we used for setting up SAML already:

