Provision manager keeps changing the name of my synced users

MagnusP

For some reason, the Provision Manager user keeps changes the Display Name of my users. It seems to be doing this on and on on a daily base back and forth between two different name-layouts.
Has anyone seen this behaviour, and any points on how and where to troubleshoot?
(also mailed the support)

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: azuread/kubernetes-service
Referrer: forum-search:provision manager

graham_1P

Hey @MagnusP,

That generally points to a mapping issue with your users. Am I correct in guessing the DisplayName for your users in your identity provider is LastName, FirstName like Green, John?

Additionally there have been bugs in this area in the past. What version of the SCIM Bridge are you running?

Graham

MagnusP

Yes, or sort of. we have a segregated directory, but for most cases it typically looks like this: <Lastname>, <Firstname> <Location> - <department>
Where the Department is typically a three letter code.
For example. "Green, John UK - BBC" and using this same example it will keep changing between "John Green" and "Green, BBC" in 1password.
we are on the 1.3.1 version of the bridge
/Magnus

graham_1P

Hi @MagnusP

Thanks for the details.

Three follow up questions for you:

• What would you like the names of the 1Password Users to look like? John Green? Or would you prefer the inverted name with the department included?
• What identity provider (IDP) are you using?
• In your IDP, have you modified the user mappings from their default state? If so, how?

Graham

MagnusP

Either would be acceptable, but I would prefer the full inverted name, as it then matches our email displayname and provides some meaning to us.
AzureAD is the IDP
we have not modified any mappings as far as I am aware, but I was not the one who set it up. If you have some documentation on how it should look I can verify.

graham_1P

@MagnusP I believe the defaults look like the following:

By full inverted name you mean Green, John, correct? Or am I misunderstanding you?

There is not a setting to fix this directly in 1Password, but you can set up an Azure AD mapping function to eliminate the problem. Take a look at this AzureAD documentation page: https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data

Specifically I would use the Split and Item functions to break apart your display name and then Join them back together. Word is handy as well.

For example, given <Lastname>, <Firstname> <Location> - <department> as the AD displayname field, and wanting <Firstname> <Lastname> as the output, it would probably look something like: Join(" ", Item(Split([displayName], " "), 1), Word([displayName],0,","))

You probably can do better using the Word or Replace functions.

Let me know how that works.

Graham

MagnusP

No, I meant I would rather show the DisplayName as it is, ie "Green, John UK - BBC" if possible (but either is acceptable as long as it don't change every day.
Am I guessing correct that you use the "name.formatting" attribute in 1password? then there must be something wrong as it keeps changing the name of users as described above ( "John Green" and "Green, BBC"). how can I further troubleshoot this?

and the mappings look as in your example

btw,
There are a lot of mappings here, how many of these are actually used by your application, do you have a list? (concerned reg GDPR, as we want to store as little personal data as possible in your system, :-) )

cohix

@MagnusP We spoke via email so please let us know if you have any other questions :)