SAML user name for SaaS is prefixed with sts.windows.net

Question

SAML user name for SaaS is prefixed with sts.windows.net

Ed Jobe 196

My IT department is trying to configure an Azure AD certificate to enable SSO for a SaaS service. However, when user's log in for the first time, their user name is of the form:
https://sts.windows.net/######-####-####-####-#########/:login[@](/users/na/?userId=b86545af-0000-0003-0000-000000000000).com

How does one configure AD so that SAML gets the correct user name, e.g. First Last?

Answer accepted by question author

0 additional answers

Your answer

Answer 1

JamesTran-MSFT 37,216 Microsoft Employee Moderator

@Ed Jobe
Thank you for your post and I apologize for the delayed response!

From your issue, I understand that when a user logs in for the first time, their username is in the form of - https://sts.windows.net/######-####-####-####-#########/:******@company.com, and you'd like to configure Azure AD so that SAML gets the correct username - i.e. First and Last Name.

When it comes to https://sts.windows.net/######-####-####-####-#########/:******@company.com, are you able to confirm if this is your Tenant ID (Issuer)?
Or is this the Object ID of the user signing in?
Within the SAML Token, are you able to correctly see the user's First and Last name?

When it comes to having Azure AD get the correct names or mapping the correct values to attributes, have you looked into the AttributeStatement?

Single sign-on SAML protocol

I hope this helps!

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

Ed Jobe 196 Reputation points

2022-12-13T00:30:15.153+00:00

Thank you, We were finally able to find the place to configure the user name that gets transmitted to SAML. During certificate setup, it was under the Attributes & Claims section. We set the username to user.displayname.
JamesTran-MSFT 37,216 Reputation points Microsoft Employee Moderator

2022-12-13T22:49:44.397+00:00

@Ed Jobe
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

Issue:
When a user logs in for the first time, their username is in the form of - https://sts.windows.net/######-####-####-####-#########/:login[@](/users/na/?userId=b86545af-0000-0003-0000-000000000000).com, and you'd like to configure Azure AD so that SAML gets the correct username - i.e. First and Last Name.

Solution:
You were able to configure the username during the certificate setup under the Attributes & Claims section (setting the username to user.displayname).

Thank you again for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Share via

SAML user name for SaaS is prefixed with sts.windows.net

0 additional answers

Your answer