Good day everyone,
I have a community member who has changed companies and I need to update his email. Our community is private so there is validation via SSO.
What is the best way to change his email so he can still have all credentials earned?
Community Admin > Mod Tools > Edit Users?
What about the SSO ID? Does that say the same?
Solved! Go to Solution.
Hey Toby - What is the SSO platform you use? My guess is you would need to change it in there, and it will automatically change downstream in Khoros the next time he logs in. This is how a lot of integrations work I think, but each is kind of unique so depends on how your systems/integration flow is setup.
I'll use our own SSO integration as an example:
We utilize OKTA as our IDP, so OKTA is master, community is slave. Any changes in OKTA are passed downstream into Khoros, while no changes from Khoros are passed into OKTA. It's a one-way street.
So if we want to change a users email, we change the email address in OKTA, but their SSO ID (1234) doesn't change which is what is linked to Khoros (1234), thus that common connection between OKTA->Khoros still exists. As soon as the user logs in via SSO, during that connection, OKTA is pushing into Khoros any updates that have since been made. If you only change the email in Khoros, as soon as the user logs in next time, OKTA is going to overwrite that change.
Using mod tools would generally be when not changing email address but switching to an entirely alternative account - So if in your IDP you had email@example.com (sso id 1234) which would still exist, but now you want me to use firstname.lastname@example.org (sso id 5555) - You could change my Khoros account to be 5555, so if email@example.com logs in, they'll now have access to khoros account 5555, not 1234 anymore.
I melted my own brain typing this out, and doubt it makes any sense, but I tried, lol. SSO is one of those things I think I understand pretty well at this point, yet I also question if anyone truly understands any of it.
"yet I also question if anyone truly understands any of it."
I understand it is virtual lock and key 🙂
This was easier to do in Jive 😞
Thanks for the help @StanGromer
Closing the door on this. Here is what I did:
The user is all set because the unique SSO ID associated with the new email has been applied to the historic account.
Hi @StanGromer -
A follow-up question for this:
Once I have successfully merged the accounts, they both have the same email address so the community is getting alerts for the main username and the temporary one set up for the merge.
To stop alerts on the unused profile, may I got to Community Admin > Users > Edit Users > then close the profile? Or changes the email on the account?
What is the best way to stop alerts for the unwanted profile?
@Toby We usually add something like ".old" to the end of all old usernames/email addresses, helps us easily identify previously changed accounts, and it 'breaks' them in a sense so they won't get notifications like above!
Thank you @StanGromer - so changing the email address on the old account will not impact the new one? The username does not really matter; it's the email address that is important?