Good day everyone,
I have a community member who has changed companies and I need to update his email. Our community is private so there is validation via SSO.
What is the best way to change his email so he can still have all credentials earned?
Community Admin > Mod Tools > Edit Users?
What about the SSO ID? Does that say the same?
Solved! Go to Solution.
Hey Toby - What is the SSO platform you use? My guess is you would need to change it in there, and it will automatically change downstream in Khoros the next time he logs in. This is how a lot of integrations work I think, but each is kind of unique so depends on how your systems/integration flow is setup.
I'll use our own SSO integration as an example:
We utilize OKTA as our IDP, so OKTA is master, community is slave. Any changes in OKTA are passed downstream into Khoros, while no changes from Khoros are passed into OKTA. It's a one-way street.
So if we want to change a users email, we change the email address in OKTA, but their SSO ID (1234) doesn't change which is what is linked to Khoros (1234), thus that common connection between OKTA->Khoros still exists. As soon as the user logs in via SSO, during that connection, OKTA is pushing into Khoros any updates that have since been made. If you only change the email in Khoros, as soon as the user logs in next time, OKTA is going to overwrite that change.
Using mod tools would generally be when not changing email address but switching to an entirely alternative account - So if in your IDP you had email@example.com (sso id 1234) which would still exist, but now you want me to use firstname.lastname@example.org (sso id 5555) - You could change my Khoros account to be 5555, so if email@example.com logs in, they'll now have access to khoros account 5555, not 1234 anymore.
I melted my own brain typing this out, and doubt it makes any sense, but I tried, lol. SSO is one of those things I think I understand pretty well at this point, yet I also question if anyone truly understands any of it.
"yet I also question if anyone truly understands any of it."
I understand it is virtual lock and key 🙂
This was easier to do in Jive 😞
Thanks for the help @StanGromer
Closing the door on this. Here is what I did:
The user is all set because the unique SSO ID associated with the new email has been applied to the historic account.