SPIKE: for BCeID user, can we get first name, last name and email information from the attribute mapping

[MCatherine1994]

Describe the task
Check if the BCeID attribute mapping can be updated to include first name, last name and email information in the token.

Acceptance Criteria

• Find out if it's possible to update the attribute mapping
• Check Cognito attributes that need to be updated
• Check Pathfinder SSO attributes that need to be updated

Additional context

• Add any other context about the task here.
• Or here

[ianliuwk1019]

Based on SSO Identity Provider Attribute Mapping.
(First Name/Last Name) will not be provided for BCeID account.

Based on SSO documentation, it's not possible for BCeID user to map First Name and Last Name into the token.
Perhaps, for "business" BCeID, first name and last name don't make sense.
We may consider using "Business Legal Name" or "Display Name".

Which would mean, if we like to display on our user table (UI), we may consider 3 columns (not sure if that will be too many columns):

• IDIR user: first_name, last_name,
• BCeID user: custom:idp_business_name
  @OlgaLiber2 @MCatherine1994

[OlgaLiber2]

@ianliuwk1019 we need to find out then how we can display first and last names of BCeID users. Business name does not make sense in this case.

[ianliuwk1019]

@ianliuwk1019 we need to find out then how we can display first and last names of BCeID users. Business name does not make sense in this case.

Ah~ yes, I forgot our search does contain first name and last name; so we can only get from our IDIM search, since they are not provided from Cognito/Pathfinder SSO.

[ianliuwk1019]

Reply from Conrad:

[OlgaLiber2]

@ianliuwk1019 whatever we need to do to make it happen. Does it make sense to get Conrad to help us with it?

[ianliuwk1019]

Also confirmed with SSO team. These fields are not available and can't be customizable.

[ianliuwk1019]

Hi @OlgaLiber2
I think we are trying to exploring the possibility to get first_name and last_name from Cognito for BCeID users.
The purpose I think is that we can get these information from the token so we can update into our FAM user table when user login again.
Since that's not possible from the Pathfinder SSO, we could still update to our FAM user table since we have the IDIM search already
(it just a bit inconvenient).

If we would have to have these information in the BCeID user token for some more critical business reasons, and as Conrad said to skip Pathfinder SSO and go directly to SiteMinder, that would be a architectural change on design and also big implementation change I think, also some political issues Conrad mentioned.
@basilv

[ianliuwk1019]

Closed this spike as it is confirmed we will not be able to get these attributes from Pathfinder SSO; mentioned and discussed with team.