SAMLEmailIDType: Controlling Username Format for SSO Authentication
LAST UPDATED: MAY 6, 2025
The SAMLEmailIDType key controls how the D3 system matches usernames during single sign-on (SSO) authentication with a SAML identity provider. It determines whether the system uses the full email address or only the local-part (portion before the "@") from the SAML username to identify the user's D3 account.
Navigate to Configuration > Application Settings > Web Config.
-20250502-224950.png?inst-v=f131e074-2146-4c79-a1cb-410b2a8cc313)
Scroll down the panel on the right-hand side until SAMLEmailIDType appears.
Behavior
SAMLEmailIDType | Username Match Behavior | D3 vSOC Login Page Username |
|---|---|---|
FALSE | Matches the full email address. | demo@d3security.com |
TRUE | Matches the portion of the email before "@". | demo |
Users begin the login process by submitting their full D3 vSOC username on the D3 vSOC login page.
READER NOTE
Redirection to the identity provider's authentication portal occurs only when the following two conditions are met:
The entered D3 vSOC username exactly matches a value listed under Configuration > Organization Management > Users > Username.
See Creating Users.
SAML login has been configured as the authentication method for the user.
At the redirected identity provider authentication portal, users are prompted to enter their SAML credentials.
-20250506-185641.png?inst-v=f131e074-2146-4c79-a1cb-410b2a8cc313)
Upon authentication, this email—either in its full form (e.g., support@d3soar.com) or in its local-part form (e.g., support), depending on the SAMLEmailIDType setting—is used by D3 to match against the usernames listed under Configuration > Organization Management > Users > Username. Access is granted if a corresponding match is identified.
