Bug in api/users/update_identity_provider?

I’m using the API call api/users/update_identity_provider to migrate users from LDAP to SAML

When I issue this command, it works:


When I issue this command, it works


When I issue this command, it fails


If the first ‘.’ in the email address is followed by a capital letter, I get

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.

I can run the same command with these parameters without issue:


This causes a pretty significant problem because the email addresses in our IdP are capitalized.

So when I convert an LDAP user, the identity has to match exactly. Otherwise, the SAML login creates a 2nd account.

Since I never got any response - I was able to work around this by doing the following:

$login = “ldap_ID”
$newIdentity = “email.address@domain.com

$foo = “http://localhost:9000/api/users/update_identity_provider?login=$login&newExternalProvider=saml

Invoke-RestMethod -Uri $foo -Headers $headers -Method POST

$foo = “http://localhost:9000/api/users/update_identity_provider?login=$login&newExternalProvider=saml&newExternalIdentity=$newIdentity

Invoke-RestMethod -Uri $foo -Headers $headers -Method POST

For some reason if you do it as 2 separate steps it works.


Thanks for this report and sorry it got overlooked initially.

I’ve flagged this for team attention.


Hi @bduffey,

Thanks for the detailed report and for the workaround that you found!

We’ll investigate this on our side and we’ll open a ticket if we confirm it.
I’ll post an update as soon as we find time to take a look.

1 Like

Hi Blake,

Sorry for the very late answer.

Since 10.4, we deprecated POST api/users/update_identity_provider and we recommend using PATCH api/v2/users-management/users/{id}.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.