- 23 Jun 2023
- 1 Minute to read
-
DarkLight
Populate correct user display names for new accounts
- Updated on 23 Jun 2023
- 1 Minute to read
-
DarkLight
When new Enterprise user accounts are created, usernames may be automatically generated by one of two workflows: a single sign-on (SSO) invitation-based workflow or a SAML SSO just-in-time auto-provisioning workflow. For more information about SSO settings, read SSO Settings in InVision V7.
Usernames for SSO invitation-based workflows
For Enterprise accounts using SSO-only invitation based-workflows, new InVision users are not asked for a name when creating an account. InVision relies on a SAML attribute from your Identity Provider to automatically populate the username. If this attribute is missing, new accounts can be created with incorrect usernames.
Usernames for SAML auto-provisioning workflows
InVision can create new user accounts via auto-provisioning when a new user attempts to sign in to an Enterprise account using the SAML SSO method, and when the just-in-time auto provisioning option has been enabled. If the needed SAML attribute isn’t sent correctly in the identity provider SAML response (assertion), this can result in names for auto-provisioned accounts being populated incorrectly.
Why are users' first and last names appearing as "Unnamed User”?
This is the logic InVision uses to identify names for new accounts:
- Our implementation searches the response from the identity provider for the attribute name
cn
. If set, we use that attribute’s value for the user's name. - If
cn
isn’t set, our implementation applies a named based on the user's email address.
We only support the LDAP short-form name for the cn
attribute. The ADFS long-form URI equivalent for cn
is not supported.
Why doesn’t the cn attribute appear in the Azure AD Source Attribute dropdown list despite all the attributes being in my on-premise AD?
You may need to add the missing attribute by synchronizing it from your on-premises Active Directory (AD) to Azure Active Directory (Azure AD).
You can learn more in this article: Sync an attribute from your on-premises Active Directory to Azure AD for provisioning to an application
The link will open the Microsoft documentation.
How can we correct the user's name?
When a user with the name "Unnamed User” signs out and signs back in to InVision, the system automatically re-names them to a name based on the user's email address.
Individual users can also update their account name by following the steps in this article: Updating the name on an InVision V7 account.