Configure User lookup

User lookup applies to both OIDC and SAML Identity Providers. Configure which claim/attribute from the identity provider should be used to look up users in the user directory.

You can choose up to three claims/attributes where the username can be present. The username is looked up in the priority 1 attribute first. If that attribute does not exist or is empty, the priority 2 attribute is checked, and then priority 3. Username claims must contain unique usernames.

It is also possible to choose a custom username attribute. Map the custom username attribute to its equivalent from the IdP.

OIDC Username claim

SAML username attribute

User directory lookup attribute

User attribute selection is only available for LDAP user directories and when Just-in-time provisioning is turned off.

Transform username

The transformation is performed before the user is looked up in the user directory.

Use name part only

Strips the domain name, e.g. uses ‘john.doe’ instead of ‘john.doe@example.com’.

Transform with regular expression

You can define multiple expressions and prioritize them. The first expression match is used to generate the replacement.

Test transformation

Verify that the rules match and transform the username as expected.
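
The lookup order and transformation steps described above, modelled in Python as an added example; this is not the product's code. The claim names, domains and rules are constructed, and two behaviours are assumptions: a pattern must match the whole username, and a username that matches no rule is reported rather than passed through.

```python
import re

# Constructed sample data: claim names, domains and rules are illustrative only.
PRIORITY = ["preferred_username", "upn", "email"]
RULES = [
    (r"(?i)([a-z0-9._-]+)@corp\.example\.com", r"\1"),
    (r"(?i)([a-z0-9._-]+)@partner\.example\.org", r"ext-\1"),
]

def pick_username(claims, priority):
    """Return the first non-empty claim value, walking the priority list in order."""
    for name in priority:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            return value.strip()
    return None  # no usable claim: nothing to look up

def name_part_only(username):
    """'Use name part only': keep what precedes the first '@'."""
    return username.split("@", 1)[0]

def transform_with_rules(username, rules):
    """Apply the first rule that matches; None when no rule matches (assumption)."""
    for pattern, replacement in rules:
        # Assumption: whole-string match, so a rule cannot fire on a substring.
        m = re.fullmatch(pattern, username)
        if m:
            return m.expand(replacement)
    return None

def check_rules(samples, rules):
    """Transform sample usernames; report unmatched inputs and colliding outputs."""
    seen, unmatched, collisions = {}, [], []
    for s in samples:
        out = transform_with_rules(s, rules)
        if out is None:
            unmatched.append(s)
        elif out in seen:
            collisions.append((seen[out], s, out))  # two inputs, one directory user
        else:
            seen[out] = s
    return seen, unmatched, collisions

if __name__ == "__main__":
    claims = {"preferred_username": "", "upn": "John.Doe@corp.example.com"}  # constructed
    print(check_rules([pick_username(claims, PRIORITY)], RULES))
```

Running the usernames you expect from each IdP through `check_rules` before enabling a rule set shows whether two distinct identities would resolve to the same directory user.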