First Name and Last Name shows empty for VCF SSO JIT Provisioned users from Microsoft Entra ID
search cancel

First Name and Last Name shows empty for VCF SSO JIT Provisioned users from Microsoft Entra ID

book

Article ID: 419641

calendar_today

Updated On:

Products

VMware vCenter Server VMware Cloud Foundation

Issue/Introduction

  • VCF SSO is configured for Microsoft Entra ID identity provider with below Authentication specification:
    • Identity Source -> Microsoft Entra ID
    • Authentication Method -> OIDC
    • Provisioning Method - JIT

  • First Name and Last Name for the OIDC provisioned users shows blank values when verifying the users from vSphere Client -> Administration -> Users and Groups :



  • User Attributes are properly configured as below in VCF SSO settings :

    • userName -> preferred_username
    • firstName -> given_name
    • lastName -> family_name

Environment

VCF 9.x

Cause

This issue is caused when the Optional Claims are not configured in Microsoft Entra ID App Registration in Azure Portal.

Resolution

Add the following Optional Claims for the Microsoft Entra ID OIDC App Registration used for VCF SSO in Azure Portal.

  1. Login to Azure Entra ID portal.
  2. Select the Entra OIDC App Registration.
  3. Click on Token Configuration.
  4. Click on Add optional claim.
  5. Select Token type as ID.
  6. Select "family_name" & "given_name".
  7. Click Add.

    Sample configuration:


  8. Re-login to vCenter Server with the Entra ID account.
Powered by Wolken Software