External SAML IdP integration - multiple issues
Hello,
Using Zitadel v4.2.0 - we are trying to enable an external SAML IdP. We are encountering a number of issues and the documentation doesn't seem to be helping much. The metadata has been uploaded, and the SAML is activated at the instance level.
The two main issues:
- Account auto-linking doesn't seem to work, or I don't know where to enable it. Either the account creation form is shown, or an error message is displayed if I disable manual account creation.
- After adding and activating an IdP, would expect to be able to add external identities to users but in the console, there doesn't appear to be a way to do it. The External Identity Provider screen for all users just shows
Any help would be greatly appreciated, including steps to troubleshoot the auto-linking.
Thanks!
Nicolas
Using Zitadel v4.2.0 - we are trying to enable an external SAML IdP. We are encountering a number of issues and the documentation doesn't seem to be helping much. The metadata has been uploaded, and the SAML is activated at the instance level.
The two main issues:
- Account auto-linking doesn't seem to work, or I don't know where to enable it. Either the account creation form is shown, or an error message is displayed if I disable manual account creation.
NameID FormatNameID Format is set to SAML_NAME_ID_FORMAT_EMAIL_ADDRESSSAML_NAME_ID_FORMAT_EMAIL_ADDRESS, but Zitadel doesn't appear to be making use of the NameIDNameID provided by the IdP. When looking at the request, the SAML subject is provided as shown below. I would assume Zitadel would be able to match it to the user with the same email address?- After adding and activating an IdP, would expect to be able to add external identities to users but in the console, there doesn't appear to be a way to do it. The External Identity Provider screen for all users just shows
No external IdP foundNo external IdP found. I thought this could help with the auto-linking.Any help would be greatly appreciated, including steps to troubleshoot the auto-linking.
Thanks!
Nicolas
