{{#if (not signed_in)}} {{#is help_center.name "Ideagen Help"}} {{#link "sign_in" class="unified-navigation--btn-primary"}}Sign in{{/link}} {{else}} {{#link "sign_in" class="unified-navigation--btn-primary"}}Sign in{{/link}}
{{/is}} {{/if}} {{#if signed_in}}
{{#is help_center.name "Ideagen Help"}}
Manage tickets
{{else}} {{#link "requests" role="menuitem"}}
Manage tickets {{/link}} {{/is}}
Update profile
Change password
Privacy Policy
Terms of Use
{{#link "sign_out" role="menuitem" class="signOut"}}
Sign out {{/link}}
{{/if}}
{{user.name}}
Looking for help?
Send us feedback
Before you start
This form is for Ideagen Luminate feedback only.
Your submission will not receive a response. To request solution support, open a ticket with us.
We'd love to hear your thoughts on features, usability, or what you love about Ideagen Luminate.
Question
Automated SSO Account Creation - how are you doing it?
+2We are a large organization in the process of migrating from on-prem to cloud.
We have an automation to create/update/archive users via the API and keep everything in sync with our IDP. The problem is that the API can’t add UPN (User Principal Name), which is required for SSO to work.
How are you dealing with this? Certainly you aren’t doing a manual daily bulk upload, which the documentation would leave me to believe is the only option.
Hi,
We’re facing the same issue. AFAIK the API currently doesn’t support adding or updating the UPN field, which makes it difficult to fully automate user management and maintain proper SSO functionality.
One workaround we’ve implemented is enabling “Just-In-Time” provisioning for SSO users. This allows accounts to be created automatically upon first login through SSO, so there’s no need for manual uploads.
However, this approach has a major limitation. It only works for users signing in through SSO and main page. If someone tries to access the system via web reporting (majority of our users), the JIT provisioning won’t apply, and the account won’t be created automatically. Also permission management is an issue.
Would also be great to hear if anyone has found a cleaner way to manage UPN updates via API or an alternative automation method.
+2Just-In-Time doesn’t meet our needs, either. The business wants all users in the system, not just those who have logged in before, so that their records can be referenced in occurrence reports.
The service desk is telling us to use bulk edit, so we may explore a robotic process to do that until our feature request (to make UPN accessible via API) makes it live (if that ever happens).
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.