Azure AD provisioning

Alex Ward
Kilo Guru

Can anyone advise which field is used as the 'coalesce' field for users provisioned from Azure AD?

I was under the impression that the UPN from Azure was used to match the User ID in ServiceNow. On this basis I would expect an additional account to be created with a new User ID on change of the UPN in Azure; this doesn't appear to be the case though.


Leo Joseph
ServiceNow Employee

Hi Alex,

From the documentation:

instance automatically creates a record in a temporary table with the name u_import_saml_user_<suffix>, where <suffix> is an automatically generated text identifier. The system also creates a transform map that specifies the data relationships between the import table and the User table. Each IdP identified in the system has its own transform map. The transform map is created once for each IdP. Administrators can update it as necessary.

SAML user provisioning

From the User Provisioning Transform Map

You can edit the Source Field and make the field coalesce from the claim that is populated from Azure.

 


Hope this helps.

 

Regards,

Leo Joseph.

Alex Ward
Kilo Guru

Thank you for your reply Leo.

Looking at the transform map, the coalesce is pre-defined as the 'email', which is what I was hoping to be able to set it as anyway... so that is good. We are, however, about to embark on creation of a new Azure environment; the email addresses will be the same, but with a different UPN/User ID. Do you have any thoughts on how this might behave? I am aware that this will be a separate transform map, but the email field used for coalesce is the same field on the user form regardless of data sources.

We will obviously be running tests against this in our dev environment, but any prior knowledge etc. is useful.
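
The coalesce behaviour discussed in this thread, as an added example that is not part of the original posts and is not ServiceNow code: a simplified JavaScript model of a transform map in which a row updates the record whose coalesce field matches and is inserted otherwise. The claim names `upn` and `mail`, the sample users, the case-insensitive matching and the handling of empty values are assumptions of the model.

```javascript
// Simplified model of a transform map with coalesce fields (not ServiceNow code).
// fieldMaps: [{ source, target, coalesce }]. A row updates the record whose
// coalesce target fields all equal the row's source values; otherwise it inserts.
function applyTransform(userTable, row, fieldMaps) {
  const keys = fieldMaps.filter((m) => m.coalesce);
  // Assumption of this model: matching ignores case and surrounding whitespace.
  const norm = (v) => String(v ?? "").trim().toLowerCase();
  // Model choice: a row with an empty coalesce value never matches, so it
  // cannot be merged into an unrelated record that also has an empty value.
  const usable = keys.length > 0 && keys.every((m) => norm(row[m.source]) !== "");
  const existing = usable
    ? userTable.find((u) => keys.every((m) => norm(u[m.target]) === norm(row[m.source])))
    : undefined;
  const record = existing ?? {};
  for (const m of fieldMaps) record[m.target] = row[m.source];
  if (!existing) userTable.push(record);
  return existing ? "update" : "insert";
}

// Runs three constructed provisioning rows through a map that coalesces on
// either "user_name" or "email". The second tenant would have its own
// transform map; the same field maps are reused here because both target the
// same User table fields.
function runScenario(coalesceTarget) {
  const maps = [
    { source: "upn", target: "user_name", coalesce: coalesceTarget === "user_name" },
    { source: "mail", target: "email", coalesce: coalesceTarget === "email" },
  ];
  const users = [];
  const actions = [
    // Initial provisioning (constructed sample values)
    applyTransform(users, { upn: "a.example@old.example", mail: "a.example@corp.example" }, maps),
    // Same person after a UPN change in the same tenant
    applyTransform(users, { upn: "a.example@new.example", mail: "a.example@corp.example" }, maps),
    // Same email asserted by a second tenant with a different UPN
    applyTransform(users, { upn: "a.example@tenant2.example", mail: "A.Example@corp.example" }, maps),
  ];
  return { actions, users };
}

for (const target of ["user_name", "email"]) {
  const { actions, users } = runScenario(target);
  console.log(`coalesce on ${target}:`, actions.join(", "), `-> ${users.length} user record(s)`);
}
```

In this model, coalescing on email keeps a single record through the UPN change, and the second tenant's row updates that same record and overwrites `user_name`, so every IdP mapped this way has to be trusted to assert that email.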