Populate correct user display names for new accounts
  • 23 Jun 2023
  • 1 Minute to read
  • Dark
    Light

Populate correct user display names for new accounts

  • Dark
    Light

Article summary

When new Enterprise user accounts are created, usernames may be automatically generated by one of two workflows: a single sign-on (SSO) invitation-based workflow or a SAML SSO just-in-time auto-provisioning workflow. For more information about SSO settings, read SSO Settings in InVision V7.

Usernames for SSO  invitation-based workflows

For Enterprise accounts using SSO-only invitation based-workflows, new InVision users are not asked for a name when creating an account. InVision relies on a SAML attribute from your Identity Provider to automatically populate the username. If this attribute is missing, new accounts can be created with incorrect usernames. 

Usernames for SAML auto-provisioning workflows

InVision can create new user accounts via auto-provisioning when a new user attempts to sign in to an Enterprise account using the SAML SSO method, and when the just-in-time auto provisioning option has been enabled. If the needed SAML attribute isn’t sent correctly in the identity provider SAML response (assertion), this can result in names for auto-provisioned accounts being populated incorrectly.

Why are users' first and last names appearing as "Unnamed User”?

This is the logic InVision uses to identify names for new accounts:

  1. Our implementation searches the response from the identity provider for the attribute name cn. If set, we use that attribute’s value for the user's name.
  2. If cn isn’t set, our implementation applies a named based on the user's email address.

We only support the LDAP short-form name for the cn attribute. The ADFS long-form URI equivalent for cn is not supported.

Why doesn’t the cn attribute appear in the Azure AD Source Attribute dropdown list despite all the attributes being in my on-premise AD?

You may need to add the missing attribute by synchronizing it from your on-premises Active Directory (AD) to Azure Active Directory (Azure AD).

You can learn more in this article: Sync an attribute from your on-premises Active Directory to Azure AD for provisioning to an application

The link will open the Microsoft documentation.

How can we correct the user's name?

When a user with the name "Unnamed User” signs out and signs back in to InVision, the system automatically re-names them to a name based on the user's email address.

Individual users can also update their account name by following the steps in this article: Updating the name on an InVision V7 account.


Was this article helpful?