Initializing help system before first use

Migrating an Existing System to SSO

There are several scenarios in which the usernames of the existing accounts in Xpress Insight do not match those in the IdP. This is a common occurrence when migrating a system that was using LDAP for authentication.

The SSO feature addresses this issue by supporting a second username attribute. When a user is forwarded from the IdP to Insight with a value set for this attribute, Insight attempts to match the value to the username of any existing account. If a match is found, the account is updated to have the new username.

There is an attribute that can be used to perform this mapping from legacy to new username. The insight.server.security.saml2.attribute-names.legacy-username=legacyUsername attribute is configurable in the server properties file.

Parent Topic Managing Single Sign-On Users

© 2001-2025 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.