Forum Discussion
AzureAD SharePoint SAML integration
What is the SAML error, can it not find the user? Can you post the SAML trace?
Hi Peter,
Happy new year and apologies for the delay in responding.
Thanks for your email. Below is what I have found in the trace.
SAML trace for the working user, which is a Microsoft online account:
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">maverick1@hotmail.com</NameID>
You can see that Azure is passing the email address, which is used as the federatedID between Azure and Salesforce.
SAML trace for the non-working user, which is a user account in the directory:
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">F8xKa2JIpxTCFjO66gjj-9TrfpXfOnyxOHogR8s1PA4</NameID>
As you can see from the above, the email address is not being passed as the federationID for the user in the directory. So it only seems to work with the MS online account.
Your help would be appreciated.
- ThinkSync, Jan 07, 2019, Brass Contributor
Hello,
Please check your Salesforce claim mappings: nameidentifier should map to user.mail or user.userprincipalname. These values should be identical to the Salesforce account FederationID.
If you're using user.mail, please check that the accounts have the mail attribute, using the Azure AD PowerShell cmdlets for cloud accounts, or Active Directory Users and Computers for synced accounts.
If you’ve found this post helpful, please click the Like button.
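The check ThinkSync describes can be automated when triaging a SAML trace: pull the NameID out of the response, confirm its Format is the emailAddress format the service provider expects, and compare the value against the FederationIDs on file. The script below is an added example written for this thread, not code from any poster or from Microsoft or Salesforce. The two responses it parses are constructed from the NameID elements quoted earlier in the thread, and the FederationID set is a constructed stand-in for the service provider's user table.

```python
"""Triage a SAML response: does the NameID match what the SP expects?

Added example, not code from the thread. The Response documents below are
constructed around the two NameID elements quoted in the thread; real
responses also carry a Signature, Conditions and Attributes, and must have
their signature verified before anything in them is trusted.
"""
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PERSISTENT_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


def _response(name_id, fmt):
    """Build a minimal (constructed) samlp:Response carrying one NameID."""
    return f"""<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML2_NS}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{fmt}">{name_id}</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


# Constructed samples: the working trace and the non-working trace from the thread.
WORKING_RESPONSE = _response("maverick1@hotmail.com", EMAIL_FORMAT)
BROKEN_RESPONSE = _response(
    "F8xKa2JIpxTCFjO66gjj-9TrfpXfOnyxOHogR8s1PA4", PERSISTENT_FORMAT
)

# Constructed stand-in for the SP's user table: the FederationID of each account.
SP_FEDERATION_IDS = {"maverick1@hotmail.com", "alice@example.com"}


def extract_name_id(xml_text):
    """Return (value, Format) of the first NameID, or (None, None) if absent."""
    root = ET.fromstring(xml_text)
    node = root.find(f".//{{{SAML2_NS}}}NameID")
    if node is None:
        return None, None
    return (node.text or "").strip(), node.get("Format")


def diagnose(xml_text, federation_ids):
    """Classify why an SP would (or would not) map this assertion to a user.

    Returns one of: "ok", "no-nameid", "wrong-format",
    "case-mismatch", "no-matching-federationid".
    """
    value, fmt = extract_name_id(xml_text)
    if value is None:
        return "no-nameid"
    # An opaque persistent ID (the non-working trace) can never equal a mail address.
    if fmt != EMAIL_FORMAT:
        return "wrong-format"
    if value in federation_ids:
        return "ok"
    # Flag values that differ only in letter case so the mapping can be fixed
    # rather than guessed at; exact comparison is the safe default.
    if value.lower() in {f.lower() for f in federation_ids}:
        return "case-mismatch"
    return "no-matching-federationid"


if __name__ == "__main__":
    for label, doc in (("working", WORKING_RESPONSE), ("non-working", BROKEN_RESPONSE)):
        value, fmt = extract_name_id(doc)
        print(f"{label}: NameID={value!r} Format={fmt} -> {diagnose(doc, SP_FEDERATION_IDS)}")
```

Run against the two traces, the working response reports "ok" and the non-working one reports "wrong-format", which is the same conclusion the thread reaches by eye: the identity provider is issuing a persistent identifier rather than the user.mail value, so the claim mapping for that user population is what needs correcting.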
- AzureRanger, Jan 07, 2019, Copper Contributor
Hi ThinkSync,
They are correctly set to user.mail. The thing I am stuck on is that it works for the Microsoft account, i.e. the account I log in to the Azure tenant with. However, it doesn't work with users that are in the AAD.
Thanks
AR
- AzureRanger, Jan 08, 2019, Copper Contributor
Hi ThinkSync,
Any ideas?
Regards
AR