Why email address is checked in SAML authentication?

lg2de · May 25, 2023, 2:52pm

Continuing the discussion from Migration to SAML authentication:

Why the email address is checked while login?
I have a local administrator (no SAML!) which I would like to configure with my personal email address.
The same email address is configured in my personal AD account.
If I have configured both SQ users with the same email address I cannot login anymore with SAML with the following error message:

This account is already associated with another authentication method.
Sign in using the current authentication method,
or contact your administrator to transfer your account to a different authentication method.

This is confusing because the configured identity is the domain user name (onpremisessamaccountname).

This applies to SQ version 9.9 and 10.0.

ganncamp · May 31, 2023, 3:00pm

Hi,

In fact, this applies much farther back than that. I’m not finding it in the docs (and I plan to raise that internally) but IIRC, we insist on email unicity because it does / can come into play for issue assignment.

HTH,
Ann

lg2de · June 8, 2023, 7:19am

Users should be assigned, now email addresses.
As explained there are two users with the same address: It is me in two different roles, user and (local) administrator.

ganncamp · June 8, 2023, 11:38am

Hi,

I’ve confirmed internally that the email unicity requirement is because we use it in issue assignment. Perhaps your email admin can give you an alias?

Ann

lg2de · June 8, 2023, 1:00pm

Perhaps you can assign users, and send information on user’s email address.