SanthoshKumar-R
Scholar

SAML based authentication - User Sync issues

Jump to solution

Hello,

 

We have SAML based Azure AD - Identity federation with auto-acceleration set to on - in NWC.

 

I have to use Assign a task action where the Assignee will be determined dynamically.

I couldn’t get this working and gives this error below when workflow is executed.

 

SanthoshKumarR_0-1629465508541.png

 

What I have found so far is:

 

If the user has never used NWC before, then they have to first access the NWC site, in order for them to get added/registered to the NWC Portal. Only then the workflow recognizes the user. But that is not practical as we cannot email every user the link to NWC and ask them to access the page.

 

Anyone faced similar issues? any solutions please?

 

@cecilia-penha  @Jake

Labels: (1)
0 Kudos
Reply
3 Replies
butlerj
Community Manager Community Manager
Community Manager

Re: SAML based authentication - User Sync issues

Jump to solution

@SanthoshKumar-R you need to make sure your 'User directory lookup configuration' is configured with your Azure AD:

Screenshot 2021-08-23 090709.png

View solution in original post

0 Kudos
Reply
SanthoshKumar-R
Scholar

Re: SAML based authentication - User Sync issues

Jump to solution

Thanks @butlerj  

Do you know why the User Directory Lookup requires Global Admin level access? My Azure admins are not comfortable giving more access than Read, as its expected only to read?

0 Kudos
Reply
butlerj
Community Manager Community Manager
Community Manager

Re: SAML based authentication - User Sync issues

Jump to solution

@SanthoshKumar-R I'm not 100% sure on that. As far as I know the User Directory Lookup just uses Read permissions to understand who is in the Azure AD instance and then get their contact information for assignment. I suspect that this is because we need to actually add the app at the Azure AD level (as an enterprise app), and so the Global Admin account would have full rights to do this without issue. 

0 Kudos
Reply