We have a current SSO integration with OneLogin/AD Directory which leverages the email address, and the userid is not populated. We understand that we have to map the existing UserID, FirstName, LastName and EmailAddress to our Active Directory. It also mentions that when we switch to SAML the process is irreversible, and users not found will be unable to access the Control Room. Our questions are:
- Can a SAML integration with AA use the email address as the userID?
- Is JIT provisioning supported with SAML once it has been enabled, or will we have to provision users in AA by manually creating a userid each time we add a user?
- Is there any mechanism to support both ID/Pwd AND SAML integration? If not, is there a process we should follow to enable the SAML integration without losing the ability to administer AA if something does not work?
- What happens if we enable SAML and none of our users are able to log in anymore?