Username shows as random UUIDs for the VCF SSO JIT Provisioned users from Microsoft Entra ID

Article ID: 419774

Updated On:

Products

VMware vCenter Server, VMware Cloud Foundation

Issue/Introduction

  • VCF SSO is configured with the following authentication specification:
    • Identity Source -> Microsoft Entra ID
    • Authentication Method -> OIDC
    • Provisioning Method -> JIT

  • The Username field for VCF SSO JIT-provisioned users shows a random UUID instead of the actual username.



  • Users can successfully log in to the vCenter Server with the right username. However, the vSphere Client shows the logged-in username as the same UUID.

Environment

VCF 9.x

Cause

  • The "userName" VCF Identity Broker user attribute is mandatory and must be configured in VCF SSO. If the userName attribute is not set correctly, it defaults to the claim attribute set against Unique identifier in the OIDC Identity Provider.
  • In Entra ID, if the unique identifier is mapped to 'sub', the sub claim is used as the userName; if it is mapped to 'oid', the oid claim is used as the userName. The username therefore shows the UUID taken from the respective claim. More details about token claims are available in the Microsoft document "ID token claims reference".

Resolution

Configure "userName" with OpenID attribute "preferred_username" for User Attributes in VCF SSO Configuration.
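
The fallback described under Cause and the effect of the mapping above, as an added Python sketch (not VMware or Microsoft code): it decodes a constructed, unsigned ID token and shows which claim ends up as the displayed username. The function names, the fallback model and all claim values are assumptions made for illustration.

```python
import base64
import json
import uuid

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload for inspection only (no signature check)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def resolve_username(claims: dict, username_claim, unique_id_claim: str):
    """Model of the fallback in the Cause section (assumed, not VCF code)."""
    value = claims.get(username_claim) if username_claim else None
    if value:
        return value, username_claim
    # Assumption: a missing or empty mapping counts as "not correctly set",
    # so the claim configured as Unique identifier is used instead.
    return claims[unique_id_claim], unique_id_claim

def looks_like_uuid(value: str) -> bool:
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False

# Constructed sample ID token: unsigned, every value invented for illustration.
SAMPLE_CLAIMS = {
    "sub": "11111111-2222-3333-4444-555555555555",
    "oid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "preferred_username": "jdoe@example.com",
}
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "",
])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    for mapping in (None, "preferred_username"):
        name, source = resolve_username(claims, mapping, "oid")
        flag = "UUID shown as username" if looks_like_uuid(name) else "ok"
        print(f"userName mapping={mapping!r}: {name} (from {source}) -> {flag}")
```
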

Sample user attribute configuration screenshot from VCF SSO: