Generating workload usernames based on email
CDP offers an option to generate workload usernames for CDP users based on user email addresses.
By default, workload usernames are generated using the identity provider user ID. For SAML logins that is the SAML NameID, for SCIM that is the SCIM userName, and when using the CDP APIs that is the identity-provider-user-id. Sometimes the identity provider user ID is an opaque ID, like a UUID or employee ID, which gives equally opaque workload usernames.
Alternatively, you can generate workload usernames based on users' email addresses instead of using the default workload usernames. For example, if your identity-provider-user-id is 8d16a2ea, and your email is bob@example.com, by default your workload username will be "8d16a2ea". If you choose to generate workload usernames by email, your workload username will instead be "bob".
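A pre-rollout check, added here as an example and not taken from CDP's own code: it derives email-based usernames for a user list and flags entries whose derived names would coincide or whose email is unusable. It assumes the username is the email's local part, as in the bob@example.com case above; CDP's exact normalization rules are not stated on this page, and the function names and sample users are constructed.

```python
from collections import defaultdict

# Constructed sample directory export: (identity-provider-user-id, email).
SAMPLE_USERS = [
    ("8d16a2ea", "bob@example.com"),
    ("41c7f0b3", "alice@example.com"),
    ("a90e55d1", "bob@corp.example.org"),  # same local part, other domain
    ("f3372c9e", "not-an-email"),          # malformed entry
]


def username_from_email(email):
    """Assumed rule: the workload username is the local part of the email."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"cannot derive a username from {email!r}")
    return local


def plan_usernames(users):
    """Return (mapping, collisions, rejected) for a list of (idp_id, email)."""
    mapping = {}
    rejected = []
    by_name = defaultdict(list)
    for idp_id, email in users:
        try:
            name = username_from_email(email)
        except ValueError:
            rejected.append(idp_id)
            continue
        mapping[idp_id] = name
        # Group case-insensitively so "Bob" and "bob" are reported together.
        by_name[name.lower()].append(idp_id)
    collisions = {n: ids for n, ids in by_name.items() if len(ids) > 1}
    return mapping, collisions, rejected


if __name__ == "__main__":
    mapping, collisions, rejected = plan_usernames(SAMPLE_USERS)
    for idp_id, name in mapping.items():
        print(f"{idp_id} -> {name}")
    for name, ids in collisions.items():
        print(f"REVIEW: {name!r} would be derived for {', '.join(ids)}")
    for idp_id in rejected:
        print(f"REVIEW: no usable email for {idp_id}")
```

Entries reported under REVIEW are the ones to resolve in the identity provider before the option is switched on.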
Steps
When creating or updating an identity provider in CDP, you can check the Generate workload username by email box to have workload usernames generated based on email addresses.
Create (iam create-saml-provider) or update (iam update-saml-provider) a SAML provider by using the --generate-workload-username-by-email or --no-generate-workload-username-by-email flags.
See: iam create-saml-provider --help and iam update-saml-provider --help