SAML based authentication - User Sync issues



We have SAML-based Azure AD identity federation, with auto-acceleration set to on, in NWC.


I have to use the Assign a task action, where the Assignee is determined dynamically.

I couldn't get this working; it gives the error below when the workflow is executed.



What I have found so far is:


If the user has never used NWC before, they have to first access the NWC site in order to get added/registered to the NWC portal. Only then does the workflow recognize the user. But that is not practical, as we cannot email every user the link to NWC and ask them to access the page.


Has anyone faced similar issues? Any solutions, please?


@cecilia-penha  @Jake


Best answer by butlerj 23 August 2021, 18:07

@SanthoshKumar-R you need to make sure your 'User directory lookup configuration' is configured with your Azure AD:

Thanks @butlerj  

Do you know why the User Directory Lookup requires Global Admin level access? My Azure admins are not comfortable giving more access than Read, as it is expected only to read.

@SanthoshKumar-R I'm not 100% sure on that. As far as I know the User Directory Lookup just uses Read permissions to understand who is in the Azure AD instance and then get their contact information for assignment. I suspect that this is because we need to actually add the app at the Azure AD level (as an enterprise app), and so the Global Admin account would have full rights to do this without issue.
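Added example, not code from the original thread or from Nintex: a small audit of what the enterprise app's service principal was actually granted, so the Azure admins can confirm that consent stayed at Read even though a Global Admin performed it. It assumes the delegated grants were fetched from Microsoft Graph's `oauth2PermissionGrants` endpoint (filtered by the app's service principal `clientId`); the JSON below is constructed and the GUIDs are placeholders, not real tenant or app identifiers.

```python
import json

# Constructed sample responses (placeholders, not real ids) for
#   GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants
#       ?$filter=clientId eq '<service-principal-object-id>'
SAMPLE_READ_ONLY = json.dumps({"value": [{
    "id": "placeholder-grant-1",
    "clientId": "00000000-0000-0000-0000-0000000000a1",
    "consentType": "AllPrincipals",      # tenant-wide admin consent
    "principalId": None,
    "resourceId": "00000000-0000-0000-0000-0000000000b1",
    "scope": "User.Read.All Directory.Read.All openid profile",
}]})

SAMPLE_OVER_PRIVILEGED = json.dumps({"value": [{
    "id": "placeholder-grant-2",
    "clientId": "00000000-0000-0000-0000-0000000000a1",
    "consentType": "AllPrincipals",
    "principalId": None,
    "resourceId": "00000000-0000-0000-0000-0000000000b1",
    "scope": "User.Read.All Directory.ReadWrite.All",
}]})

# Components of a Graph scope name that imply a write or management capability.
WRITE_MARKERS = ("Write", "ReadWrite", "Manage", "AccessAsUser", "FullControl")
# OpenID Connect scopes that confer no directory data access on their own.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def is_read_only_scope(scope: str) -> bool:
    """True if a delegated Graph scope name confers no write capability."""
    if scope in OIDC_SCOPES:
        return True
    return not any(part.startswith(WRITE_MARKERS) for part in scope.split("."))


def audit_grants(raw_json: str) -> dict:
    """Classify every scope in an oauth2PermissionGrants response.

    Returns sorted, de-duplicated read-only and write scopes, plus whether any
    grant is tenant-wide (consentType == "AllPrincipals"), i.e. admin consent
    rather than a single user's own consent.
    """
    grants = json.loads(raw_json)["value"]
    read_only, write = set(), set()
    tenant_wide = False
    for grant in grants:
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide = True
        # Graph returns the scopes of one grant as a single space-separated string.
        for scope in grant.get("scope", "").split():
            (read_only if is_read_only_scope(scope) else write).add(scope)
    return {
        "read_only": sorted(read_only),
        "write": sorted(write),
        "tenant_wide": tenant_wide,
    }


if __name__ == "__main__":
    for label, sample in (("read-only", SAMPLE_READ_ONLY),
                          ("over-privileged", SAMPLE_OVER_PRIVILEGED)):
        result = audit_grants(sample)
        verdict = ("OK" if not result["write"]
                   else "REVIEW: write scopes " + ", ".join(result["write"]))
        print(f"{label}: {verdict} (tenant-wide consent: {result['tenant_wide']})")
```

This only covers delegated permissions; if the app was registered with application permissions instead, the same check has to be run over the service principal's `appRoleAssignments` rather than its OAuth2 permission grants. A `consentType` of `AllPrincipals` is what you expect to see when an admin consented on behalf of the whole tenant, which is the step that needs the elevated role; the scope list is what tells you whether that consent stayed read-only.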