3 Replies Latest reply on May 4, 2018 3:54 AM by john_reynolds

    Updating usernames

    Bryce Gilhooly

      Hey Jive Developers,

       

      I was hoping to get your take on a rather unique issue that we're having with usernames, API and SSO.

       

      A bit of context behind the query, we're on 7.0.2.0 (Hosted) and are trying to create usernames that are unique to the user. Currently the users email is the username.

       

      The problem that we noticed is that an email is unique to the user for the duration that the employee is with the company however if they leave the company and another employee is hired (several months later) with the same name, we run into issues as the external identifiers will not matching with the users email / account. If we remove the external identity from disabled users, there is a risk that new employee's may inherit the existing account.

       

      My intended ideal solution...

       

      We have a script that runs nightly and connects to the API and our internal AD servers to see if a users account is disabled in AD, if it is, the account will be disabled in Jive through the API. I suspected it would be simple enough to update the username for disabled users from john.smith@shaw.ca to john.smith@deactivated to mitigate the issue. However it appears that the username field cannot be changed with the API once the user is created; however the username can be changed through the admin console (not sure if anyone can explain why?).

       

      I would love to hear any advice on the situation, or possible alternatives that other folks may have done.

       

      Cheers,

      Bryce.

        • Re: Updating usernames
          Nik Edmiidz

          Hi Bryce, any update on this?  Is it possible to update the username field with APIs for an existing user?

           

          This Jive REST API v3.14 → Jive entity  documentation seems to suggest not.

            • Re: Updating usernames
              Bryce Gilhooly

              Hey Nik,

               

              We've moved to Cloud since I posted this. Currently on 2016.3.10. I'm not sure if anything changed since then, or if I'm just getting smarter with age - but I was able to update an account's username with the REST api.

               

              I did a GET on /people/username/kevintest

              Then I changed the .jive.username field to 'brycetest'

              Converted the whole object back to JSON

              Did a PUT on the .resources.self.ref endpoint and sent the JSON body

               

              Voilla! User updated:

               

              As an aside relating to the issue I initially posted... We ended up sending the ObjectGUID from Active Directory as the Name ID in our SSO claim, this way if two users have the same email, the new user will not inherit the old account. We address these as one-off scenarios. Although I may have to update our script now that I know this

               

              Hope that helps,

              Bryce.

              1 person found this helpful
                • Re: Updating usernames
                  john_reynolds

                  Nice solution, Bryce. I've worked with SSO systems a lot and I can't stress enough to make sure the unique ID in an SSO system isn't just unique but immutable. We all know that nothing in IT is ever truly immutable, but you want to make sure the ID used will have as much longevity as possible. The objectGUID from AD is the perfect choice because it will last as long as the user is maintained in a given domain.

                   

                  And Nik, I seem to recall the ability to update the username with the API came about in the past few years, but it wasn't always like that.

                  2 people found this helpful