We are using Azure AD for SSO. According to the docs, the value of userName under jwtClaims should be “preferred_username”. This results in users’ email addresses being used as the display name in the UI, and the name of the home space. Is there a value of preferred_username that maps to users’ account IDs instead? If so, can we switch the configuration without breaking anything?
I believe the username is always the email in Azure AD, since its the unique identifier for a user. If you were to change the value, all users would get a new home space and would lose access to their old spaces.
Ok. Thank you, Doron.
Sounds like it isn’t configured properly. Can you open an CS ticket with your config (posting here in the open is not advisable) and support can take a look.
Without seeing the config files (again please don’t post them here, use the support portal since this is an enterprise only feature) it is hard to provide help - it seems that the provided client id/secret are not able to finish the SSO flow (hence the 401 error).