User lookup (SAML/OIDC)

User lookup applies to both OIDC and SAML Identity Providers. Configure which claim/attribute from the identity provider should be used to look up users in the user directory.

You can choose up to three claims/attributes in which the username may be present. The username is searched for in the priority 1 attribute first. If that attribute does not exist or is empty, the priority 2 attribute is searched, and then the priority 3 attribute. Username claims must contain unique usernames.

It is also possible to choose a custom username attribute. Map the custom username attribute to its equivalent attribute from the IdP.

OIDC Username claim

SAML username attribute

User directory lookup attribute

User attribute selection is only available for LDAP/AD user directories and when Just-in-time provisioning is turned off. For any directory you can choose to look up via username or email. LDAP/AD can also look up users using userPrincipalName, sAMAccountName, uid or SCIM externalid from IdP.

The “SCIM externalid from IdP” option is used to look up users by the user id from the SCIM user directory.

The SCIM external Id from the user directory can be seen when you select the user in the Users menu in the selected SCIM cloud user provisioning:

Transform username

The transformation is performed before the user is looked up in the user directory.

Use name part only

Strips the domain name, e.g. uses ‘john.doe’ instead of ‘john.doe@example.com’.

Transform with regular expression

You can define multiple expressions and prioritize them. The first expression match is used to generate the replacement.

Test transformation

Verify that the rules match and transform the username as expected.
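The lookup and transformation steps described above (prioritized claims, name part only, prioritized regular expressions with first match winning), worked through as an added example that is not part of the product or this page. The claim names, sample claim values and rules are constructed, and applying "name part only" before the regular expressions is an assumption, since the page does not state the order.

```python
import re
from typing import Iterable, Mapping, Optional, Sequence, Tuple

# Constructed sample claims as an IdP might return them in an OIDC token
# or SAML assertion (not real data). The first-priority claim is empty on
# purpose, so the lookup must fall through to the next priority.
SAMPLE_CLAIMS = {
    "preferred_username": "",
    "email": "John.Doe@example.com",
    "upn": "jdoe@corp.example",
}
PRIORITY = ["preferred_username", "email", "upn"]   # priority 1, 2, 3
# Prioritized (pattern, replacement) rules; the first matching rule is used.
RULES = [
    (r"^svc-(.+)$", r"\1"),            # constructed: strip a service-account prefix
    (r"^(\w+)\.(\w+)$", r"\1_\2"),     # constructed: first.last -> first_last
]


def pick_username(claims: Mapping[str, str], priority: Sequence[str]) -> Optional[str]:
    """Return the first claim in priority order that exists and is non-empty."""
    for name in priority:
        value = claims.get(name)
        if value:  # a missing or empty claim falls through to the next priority
            return value
    return None  # no usable claim: the user cannot be looked up


def name_part_only(username: str) -> str:
    """'Use name part only': drop everything from the first '@' onwards."""
    return username.split("@", 1)[0]


def apply_regex_rules(username: str, rules: Iterable[Tuple[str, str]]) -> str:
    """Apply only the first rule whose pattern matches; otherwise return input unchanged."""
    for pattern, replacement in rules:
        if re.search(pattern, username):
            return re.sub(pattern, replacement, username, count=1)
    return username


def resolve_lookup_name(claims, priority, rules, strip_domain=True) -> Optional[str]:
    """Full pipeline: pick claim, optionally strip domain, then transform with rules."""
    username = pick_username(claims, priority)
    if username is None:
        return None
    if strip_domain:  # assumed to run before the regular expressions
        username = name_part_only(username)
    return apply_regex_rules(username, rules)
```

Running `resolve_lookup_name(SAMPLE_CLAIMS, PRIORITY, RULES)` yields `John_Doe`: the empty `preferred_username` is skipped, the domain is stripped from the email, the first rule does not match, and the second rule rewrites the name.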