Published Date: October 16, 2026
Validated: Yes
Audience: Everyone
Products and Versions Covered:
- Jama Connect® version(s)
- Cloud/CVC
- Self-hosted
Summary
This article explains how to update the required claim in Auth0 SAML for Jama Connect Single Sign-On (SSO). SSO may fail if the User Principal Name (UPN) in the Identity Provider (IDP) does not match the email address used in the users’ Jama accounts. By following this guide, readers will learn how to configure the IDP so SSO functions correctly, ensuring users can log in without authentication errors.
Resolution
Problem Diagnosis
- Verify that the UPN (for Azure Entra ID) or NameID (for Okta) is configured as an email address.
- If SSO is failing, it is likely because the UPN or NameID does not match the users’ Jama email addresses.
Solution Steps
Azure Entra ID (formerly Azure Active Directory):
- Navigate to your Jama Connect enterprise application in Azure Entra.
- Select Single sign-on from the left sidebar.
- Edit Attributes & Claims.
- Under Required claim, select the claim row to edit.
- On the Manage claim screen:
  - Set Name identifier format to Email address.
  - Set Source attribute to user.mail.
- Click Save.
- Test the configuration by logging in as a user assigned to the app.
Okta:
- Navigate to your enterprise application in Okta.
- Select the Sign On tab.
- Under Credential Details, set Application username format to Custom.
- Enter the expression: user.email
- Save changes and test SSO with a user assigned to the application.
Verification
- Ensure all users can log in via SSO without encountering authentication errors.
- Confirm that the UPN/NameID now matches the email used in Jama Connect.
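One way to confirm the NameID check above is to decode a SAMLResponse issued by the IdP and compare its NameID with the Jama account emails. The script below is an added example, not Jama, Microsoft or Okta code; it does no signature validation, and its sample response and email addresses are constructed. The function names are hypothetical, the Format check reflects the Entra "Name identifier format" setting, and because the article does not say whether Jama compares emails case-sensitively, a case-only difference is reported separately.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def check_name_id(saml_response_b64, jama_emails):
    """Return (name_id, problems) for a base64 SAMLResponse (HTTP-POST binding)."""
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    # Diagnostic only: the signature is not verified. DTDs are refused so a
    # pasted response cannot trigger entity expansion in the parser.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in a SAML response")
    root = ET.fromstring(xml_text)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return None, ["no NameID in assertion Subject (assertion may be encrypted)"]
    name_id = node.text.strip()
    problems = []
    fmt = node.get("Format")
    if fmt != EMAIL_FORMAT:
        problems.append(f"NameID Format is {fmt!r}, not emailAddress")
    if name_id not in jama_emails:
        if name_id.lower() in {e.lower() for e in jama_emails}:
            problems.append("NameID differs from the Jama email only by letter case")
        else:
            problems.append("NameID does not match any Jama account email")
    return name_id, problems


def sample_response(name_id, fmt):
    # Constructed, unsigned sample response; not captured from a real IdP.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    accounts = {"alice@example.com"}  # constructed Jama account emails
    upn_fmt = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    # Before the fix: a UPN-style NameID that is not the Jama email.
    print(check_name_id(sample_response("alice@corp.example.onmicrosoft.com", upn_fmt), accounts))
    # After the fix: NameID sourced from the user's email attribute.
    print(check_name_id(sample_response("alice@example.com", EMAIL_FORMAT), accounts))
```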
Additional Resources
- Azure Entra ID: Customize SAML token claims
- Success Programs
- Success Catalog
- Datasheets
- Request a Solution Offering or Training from the Success Catalog