Having SAML and G Suite configured on the same instance may cause inconsistencies in user data

      Summary

      Having a G Suite integration for the same domain that is used in a SAML integration can cause inconsistencies in the managed users' data.

      Steps to Reproduce

      1. Create a user in G Suite with the email user@test.com and last name userGSuite
      2. Integrate G Suite in the instance for the domain test.com (this should generate a user in user management for the G Suite user)
      3. In your IdP, create a user with the same email (user@test.com) and last name userIdP
      4. Create an organization and do the SAML setup with your IdP

      Now, when the user logs in to the instance with SSO, the user's full name will be updated to userIdP, and when a sync from G Suite runs it will be updated back to userGSuite.

      E.g., using André Kasper(Gsuite) and André Kasper(Azure):

      After logging out and back in:

      Again, this will be set back to André Kasper(Gsuite) on the next Google sync and to André Kasper(Azure) on every login.

      Notes

      Also, when an organization is already using the domain and the domain is then verified in Google and integrated with G Suite, the SAML domain will be flagged as SUPERSEDED and the SAML integration will stop working until you verify the domain again.

      Workaround

            Assignee:
            Unassigned
            Reporter:
            André K. (Inactive)