Coping with Entra ID username change
We have our Windows AD users synced to Quickbase via Azure AD/Entra ID and it is working fine, but we have run into our first snag, which I haven't found anything directly addressing.
We had a user change her name and we have updated it in on-prem AD, which synced to Azure AD. Everything appears to be working normally for a week except for Quickbase.
She went through the sign-in process in Quickbase, which pushed her to the identity provider sign-in; the Azure sign-in window comes up and she signs in successfully with her new email address and password.
But then in Quickbase she has no access to anything. Looking into user management, it appears that Quickbase has generated a new user with her new email address. It still says "External authentication ID: <her new email>", so I assume that it's imported through provider management as usual; however, it did not transfer her paid Quickbase seat or any of her app access or groups.
My read on this is that Quickbase is using the primary email as the unique identifier instead of the Azure object ID (looks like xxxxxxx-xxxx-xx...) and so it just thinks she's a totally different person.
Does anyone know of a workaround or best practices article for this if it happens in the future? We can manually recreate her permissions and move her license, but it's kind of a hassle, and she'll lose any history tied to her old account, which is now orphaned as she can't log into it using single sign-on anymore.
Your guess is probably correct. The unique identifier is actually determined when SAML is configured between Azure (or Active Directory) and Quickbase. In general we do not recommend using the email address for just this reason. A different email is a different user.
The quickest way to resolve this is to open a case with support and explain exactly what you said here. Your user changed her name and when that happened, a new user profile got created in Quickbase rather than updating the existing one.
Support will need to invalidate the new user in order for the old user to be updated to the new email. The old user cannot be updated until the new user no longer exists because, when email address is the unique identifier, two user profiles cannot have the same email address.
I'm sorry you ran into this, but the good news is it should be relatively straightforward to resolve.
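
Added example, not part of the original thread and not Quickbase's implementation: a small model of the failure discussed above, showing how a service provider that keys accounts on an email-format SAML NameID provisions a second account after a rename, while keying on an immutable identifier matches the existing one. The assertions are constructed and unsigned, the `sign_in` matching logic and the GUID are hypothetical, and the object ID is assumed to arrive in Entra ID's `objectidentifier` claim.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
OID_CLAIM = "http://schemas.microsoft.com/identity/claims/objectidentifier"

def make_assertion(email, oid):
    """Constructed, unsigned sample assertion (real ones must be signature-verified)."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">{email}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{OID_CLAIM}">
      <saml:AttributeValue>{oid}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def identifiers(xml_text):
    """Extract the NameID, its Format, and the object ID claim from an assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    return {"name_id": name_id.text.strip(),
            "format": name_id.get("Format"),
            "oid": attrs.get(OID_CLAIM),
            "mutable_key": name_id.get("Format") == EMAIL_FORMAT}

def sign_in(directory, xml_text, key):
    """Hypothetical SP logic: match an account by `key`, else provision a new one."""
    ids = identifiers(xml_text)
    lookup = ids[key].lower()
    created = lookup not in directory
    account = directory.setdefault(lookup, {"id": len(directory) + 1})
    account["email"] = ids["name_id"]  # display email follows the IdP on every login
    return account["id"], created

def simulate_rename(key):
    """Sign in before and after a name change; report (same account, new user, total)."""
    directory = {}
    oid = "00000000-0000-0000-0000-000000000001"  # constructed placeholder GUID
    before, _ = sign_in(directory, make_assertion("old.name@example.com", oid), key)
    after, created = sign_in(directory, make_assertion("new.name@example.com", oid), key)
    return before == after, created, len(directory)

if __name__ == "__main__":
    print("keyed on NameID (email):", simulate_rename("name_id"))
    print("keyed on object ID:     ", simulate_rename("oid"))
```

The `mutable_key` flag returned by `identifiers` is the check to run against a captured assertion from your own tenant before a rename happens.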