Common SSO Questions

Q - Can we send the @mention name as an attribute?
A - Yes, you can send the @mention username as an SSO attribute. The default attribute name is "username", or you can use attribute mapping

Q - If you have SSO, you do not need to send a verification email right?
A - Correct :) 

Q - Is there also a way to automatically create groups with an attribute, skipping the step of setting up a member profile question?
A - It depends on what type of SSO you are using but in general, yes. They can use their IdP groups to map directly into IdeaScale. Click here for more info.

Q - How do I confirm if my IdP is sending a specific attribute and check the values?
A - Take a look at our SSO Debugger
A -  You can view your SAML traffic in a browser plugin or developer tool (but this would only apply to your login, not someone else's)

Q - Using SSO will my users who have the status 'unknown' receive broadcast emails?
A - No, we will not send broadcast emails to Unknown email status members.

Q - If I change my community's URL, will that affect SSO?
A - Yes, you will need to update the federation in your IdP after the rename.

Q -  We use SSO as an assignment method for groups based on a field in our active directory. I was wondering if this updates each time a user logs in?
A - IdeaScale reevaluates group memberships based on profile questions at each login.

Q - Can I use an API to upload avatar images for my community members?
A - Yes, IdeaScale has an API endpoint to upload avatar images.  They would need to:
• look up the member ID by email address or username using either

• use the retrieved member ID in the call to upload an avatar image  

Q - If I use SSO, can I have multiple email addresses in my profile?

A - Yes

Q - Do I need to compulsorily provide my email address if it not provided by my IdP?

A - No, if your IdP has not provided an email address, you will be asked just once upon your first login to provide it though you may opt not to provide it by clicking on the Skip option.

Q - Can I claim an existing email address?

A - Yes, when you are asked to provide an email address and enter an email address that already exists in the community you will be asked to claim it.

Q -
 Using SSO if I have a password change, where does that happen?
A - This happens on your IdP, IdeaScale does not handle it. 

Q - I use SSO and some of my users have the status 'Unknown/Sent'. How do I get them all assumed verified?
A - We recommend adding  your domain to the trusted domains on your account, then all email addresses for that domain will automatically be assumed verified

Q - Can IdeaScale run end-to-end testing to ensure my SSO is working?
A - Currently IdeaScale does not offer this service. We recommend setting up mixed authentication (in case the SSO fails you can still log into your community) and then testing it out.  

Q - Can users set their own password?
A - Yes, if the Admin has enabled the setting “Allow members/persons to change username

Q - If the attributes change (e.g: user change department) then will the profile questions be updated at the next login with the new info from the SSO attribute?

A - Yes

Q - If users have been uploaded with no profile questions answered, but then log in with SSO will the profile questions be answered from the SSO attributes?

A - Yes

Last Updated: August 2, 2023