Azure AD: attributes “UPN” and “mail” differ from each other
The following guide applies solely to Azure AD connections with single sign-on via SAML!
When using our Phishing Simulation and E-learning via SAML, the address that your Azure AD provides to us via SAML should be the exact same as the one in our user list. To check this, follow the steps below:
Step 1: Make sure that the SoSafe user list contains the correct attribute.
Go to the SoSafe user list and chcek that it contains an email address with which the users can receive emails.
If this is not the case, please fix this:
If you are using the manual user list, do so with a new Excel import.
If you are provisioning via Azure AD, please provision the corresponding attribute and contact your support consultant at SoSafe if necessary so that the correct value is selected. Azure AD > Enterprise Application > Provisioning > Edit attribute mappings > Mappings
.jpeg?inst-v=f30b2fc9-24b4-44c5-8a07-43dd98bee440)
Step 2: Make sure that the same attribute is conveyed in the SAML application.
Go to the Azure AD Enterprise Application you have created for SoSafe, and then go to
“Single sign-on" > Box 2 “Attributes & Claims” > Edit
Replace the value for the claim name “Name ID” with the attribute provisioned in the SoSafe user list:
.jpeg?inst-v=f30b2fc9-24b4-44c5-8a07-43dd98bee440)
.jpeg?inst-v=f30b2fc9-24b4-44c5-8a07-43dd98bee440)
Test SSO access - done!