cancel
Showing results for 
Search instead for 
Did you mean: 

First name and Last name doesnt show up in Build work zone std edition

Juliuspereira
Active Contributor
0 Kudos
1,043

Hi,

We have configured SAP Build work zone standard edition and it works as expected. We are connecting to the corporate IdP (Azure AD) for authentication directly (without an identity authentication service/ tenant in between the corporate IdP and BTP)

We have noticed that the first name and the last name doesn't show up correctly in the name field. It seems to be adding the first part of the email address as the first name and the domain as the last name.

We have tried setting family_name with user.surname and given_name with user.givenname in Azure AD

We have also tried setting first_name with user.givenname and last_name with user.surname in Azure AD

But we still do not see the proper name displayed in the build workzone launchpad user menu, settings.

We reached out SAP through a ticket and they say that its standard behavior. That doesn't seem correct. Does anyone from product management or any one have any insights into this?

Thank you

Julius

Accepted Solutions (0)

Answers (1)

Answers (1)

florian_buech
Product and Topic Expert
Product and Topic Expert

Please ensure the attributes are sent as required per the following documentation: Map User Attributes from a Corporate Identity Provider for Business Users | SAP Help Portal This will also depend on your Azure AD / IAS setup (using federation or not).

Juliuspereira
Active Contributor
0 Kudos

Yes we have tried that but it doesn't work. I'll wait for an update on the ticket. Thank you.

florian_buech
Product and Topic Expert
Product and Topic Expert
0 Kudos

Assuming you are using the recommended OIDC-based trust between IAS & BTP, please ensure the attributes are sent in the following way:

  • E-Mail = email
  • First Name = given_name
  • Last Name = family_name

If you are not using the identity federation (i.e. the claims from Azure AD are forwarded "as is"), please the claims are configured as required. Otherwise, please ensure the IAS-level attributes are configured in the required pattern referring to the corp. IdP attributes.

Please also double-check both XSUAA & WZ application: De-mystifying SAP Cloud Identity Services Integration with SAP Build Work Zone | SAP Blogs

Lastly, please confirm the attributes above being issues by IAS as required in the OIDC token via the troubleshooting logs: Logging OpenID Connect Tokens | SAP Help Portal

eduardo_andrade
Explorer

Thank you @florian_buech, your answer helped me to create this mapping and for me it is properly working 🙂

I was facing the same problem, when the users logged in using Azure AD the user was created at the Subaccount without First and Last Name. I did the mapping described at https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/enrich-assertion-attribute... and now works fine.

Your link was really helpful, now I know where to find this kind of information.

 

 

Brian_Stempien
Explorer
0 Kudos

I have been struggling with the same thing.

I have made progress. I can make the Corporate Identity Provider send forward First and Last name now.

I added email and profile scopes and removed the offline_access scope that came from a different Blog. These are added to the Corporate Idp -> OpenID Connect Configuration.

However, there are still issues. From my reading if have "Use Identity Authentication user store" turned on in the Corporate IdP, then IAS should be able to add its Attributes to the JWTpayload that is passed to the Application. After some trial and error, I have found that if I turn that switch on and in the Application -> subacct -> Attributes I configure "groups" to include Corporate Identity Provider value groups, then it passes the Entra groups Ids forward. If I login with a user that is only in the IAS, then it passes the IAS Group names. However, if I have the user in IAS with matching login name and email to the Corporate Id Provider, that doesn't send the groups forward.