When setting up a custom IdP for SSO, CloudSOC sends 'unspecified' as the NameID format, but the IdP expects emailAddress (or some other NameID format).
More specifically, this <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/> needs to be <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/> in the SAML request.
For the NameID policy format, we send 'unspecified' as the default by design; it indicates that CloudSOC will accept any format specified by the IdP. Changing the NameID format to emailAddress would cause a regression for other configured IdPs, because it would restrict them to defining their NameID as emailAddress. Please check the documentation for your IdP on how to take advantage of this.
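The matching rule described above, as an added example (not CloudSOC or IdP code): it reads the NameIDPolicy Format from a request and the NameID Format from an assertion, then checks whether the returned format is allowed. The function names and both sample messages are constructed for illustration, and the 'encrypted' format is not handled.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample messages; IDs, timestamps and subject are placeholders.
SAMPLE_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>"""

SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed2" Version="2.0" IssueInstant="2024-01-01T00:00:05Z">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def requested_format(authn_request_xml):
    """Format the SP asked for; a missing policy or attribute means unspecified."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return UNSPECIFIED if policy is None else policy.get("Format", UNSPECIFIED)


def returned_format(assertion_xml):
    """Format on the assertion's NameID; a missing attribute means unspecified."""
    name_id = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("assertion has no Subject/NameID")
    return name_id.get("Format", UNSPECIFIED)


def satisfies_policy(requested, returned):
    """'unspecified' in the request places no constraint; any other value must match."""
    return requested == UNSPECIFIED or requested == returned


if __name__ == "__main__":
    req, ret = requested_format(SAMPLE_REQUEST), returned_format(SAMPLE_ASSERTION)
    print(f"requested={req}\nreturned={ret}\naccepted={satisfies_policy(req, ret)}")
```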