User lookup (SAML/OIDC)
User lookup applies to both OIDC and SAML Identity Providers. Configure which claim/attribute from the identity provider should be used to look up users in the user directory.
You can choose up to three claims/attributes where the username can be present. The username is searched for in the priority 1 attribute first. If that attribute does not exist or is empty, the priority 2 attribute is checked, and then priority 3. Username claims must contain unique usernames.
It is also possible to choose a custom username attribute. Map the custom username attribute to its equivalent from the IdP.
OIDC Username claim
SAML username attribute
User directory lookup attribute
User attribute selection is only available for LDAP/AD user directories and when Just-in-time provisioning is turned off. For any directory you can choose to look up via username or email. LDAP/AD can also look up users using userPrincipalName, sAMAccountName or uid.
Transform username
The transformation is performed before the user is looked up in the user directory.
Use name part only
Strips the domain name, e.g. uses ‘john.doe’ instead of ‘john.doe@example.com’.
Transform with regular expression
You can define multiple expressions and prioritize them. The first expression that matches is used to generate the replacement.
Test transformation
Verify that the rules match and transform the username as expected.
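The lookup and transformation order described on this page, as an added example (not the product's own code): it picks the username from prioritized claims, applies the first matching regular expression, and checks that transformed usernames stay unique. The claim names, patterns, pass-through of unmatched usernames and case-insensitive comparison are assumptions.

```python
import re

# Constructed sample configuration; claim names and patterns are assumptions.
CLAIM_PRIORITY = ["preferred_username", "upn", "email"]
REGEX_RULES = [  # (pattern, replacement), evaluated in priority order
    (r"^CORP\\(?P<name>[^\\]+)$", r"\g<name>"),
    (r"^(?P<name>[^@]+)@example\.com$", r"\g<name>"),
]
# Constructed usernames as an IdP might send them.
SAMPLE = ["john.doe@example.com", "john.doe@partner.example", "jane@example.com"]


def pick_username(claims, priority=CLAIM_PRIORITY):
    """Return the first claim in priority order that exists and is non-empty."""
    for name in priority:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            return value.strip()
    return None


def name_part_only(username):
    """'Use name part only': drop everything from the first '@' onward."""
    return username.split("@", 1)[0]


def regex_transform(username, rules=REGEX_RULES):
    """Apply only the first rule that matches.

    Assumption: a username that matches no rule is passed through unchanged.
    """
    for pattern, replacement in rules:
        if re.search(pattern, username):
            return re.sub(pattern, replacement, username, count=1)
    return username


def find_collisions(usernames, transform):
    """Group inputs by transformed value; a group larger than one means the
    transformation broke username uniqueness.

    Assumption: the directory compares usernames case-insensitively.
    """
    groups = {}
    for original in usernames:
        groups.setdefault(transform(original).lower(), []).append(original)
    return {key: vals for key, vals in groups.items() if len(vals) > 1}


if __name__ == "__main__":
    print("name part only:", find_collisions(SAMPLE, name_part_only))
    print("regex rules:   ", find_collisions(SAMPLE, regex_transform))
```

On the constructed sample, stripping the domain maps two different identities to john.doe, while the anchored expression only rewrites example.com accounts and leaves the other domain intact.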