Salesforce

With SSO configured, user receives "First Name cannot be blank. Last Name cannot be blank." when logging into HighBond

Printable View
« Go Back

Information

 
Content Detail


Problem

With SSO configured, user receives "First Name cannot be blank. Last Name cannot be blank." when logging into HighBond.

image.png

Environment

HighBond with SSO
 

Cause

When SSO is enabled, HighBond uses just-in-time provisioning to create an account for a new user as they log in. This requires the user's email address as the unique identifier and also their first and last name, which are sent as part of the SAML response from the Identity Provider (IDP) during the login process.  The error is stating that the name is not present as part of the response.


Steps to solve

A few things to check:
  • As part of SSO configuration, attributes for the first and last name, or both together under a single attribute called "name" need to be configured. For the name attribute, the first and last name should be separated by a space, ie. as first_name + " " + last_name. Configuration steps vary on the IDP being used, but we have an example in our Microsoft Azure IDP SSO configuration article.
    • The attribute name is case-sensitive, so ensure it is entirely in lowercase.
 
  • If the name attribute has been configured, it's possible that the variables used for the first and last name don't actually contain name information for all users in Active Directory, so when a user logs in the value is either blank or incomplete. If individual users are seeing this error, they may need to have their details updated in AD to ensure the name comes through. If all users are seeing the problem, it may be better to reconfigure the name attribute to use different AD values.
    • Any values can be used as long as the overall format comes out to first_word + “ “ + second_word so HighBond will understand it. For example, some customers have replaced one or both names with values like email alias, employee ID, or employee number.
 
  • If needed, you can verify what is actually being sent from the IDP to HighBond by examining the SAML response during the login process. This will help to show if the name attribute is being included and if it contains the first and last name in the expected format. The exact process to view the response depends on the browser being used, but this link has some good instructions: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml_view-saml-response.html
 
  • The name is technically only needed for creation of a new account in HighBond. It's possible to work around this issue by first adding a user to the HighBond organization manually and setting a name for them, as afterwards they will be able to log in even if just their email address is sent in the SAML response. As a note, the user will not receive an invitation email when added to the org as an account activation is not required with SSO enabled. It is recommended though to fix the issue with the suggestions above, as otherwise all new SSO users will likely need to be added manually.
TitleWith SSO configured, user receives "First Name cannot be blank. Last Name cannot be blank." when logging into HighBond
URL NameWith-SSO-configured-user-receives-First-Name-cannot-be-blank-Last-Name-cannot-be-blank-when-logging-into-HighBond
Powered by