Administrator group permissions removed after the SAML email attribute mapping is changed in Symantec App Center
Last Updated July 26, 2013
When SAML authentication is configured in Symantec App Center as the IDP and the "Email Attribute" mappingis changed to a value other than "EMailAddress", any account who is a member of the Administrators group will have their Administrator permissions removed\revoked.
The end result will be that a user in the Administrators group will now have access to the End-User Portal only (i.e., the user will be unable to access the Symantec App Center Admin Console).
No error message(s) will appear.Users that are members of the Administrators Group will have now access to the End User portal only and will be unable to access the Symantec App Center Admin Console.
The user's email address is used to identify users with the SAML IDP.If the email attribute is changed, then at the next log-in, the user is seen as a new user, and any previous roles/permissions granted are lost.