Improve User Guidance for Linked Local Accounts - Githubissues

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.

http://wso2.github.io/

Apache License 2.0

748 stars 729 forks source link

Improve User Guidance for Linked Local Accounts #20017

Open movinsilva opened 8 months ago

movinsilva commented 8 months ago

Describe the issue

The current hint provided under "Validate linked local accounts" under "Linked Accounts" within the "User Attributes" tab in an application in the console lacks clarity regarding its purpose.
Users may not readily understand that this option needs to be selected to link the local user account created in scenarios such as federated logins through JIT provisioning.

Screenshot 2024-03-15 100628

The hint could be enhanced to clearly convey that enabling this option is necessary to link the local user account created during federated logins via JIT user provisioning.

How to reproduce

Create a new connection (google) and add JIT user provisioning.
Create a new standard based application and enable app native authentication API.
Configure the application by giving the redirect URL, allowed origins, and enable code grant type.
Use the API based authentication flow to login using the added federated login through the redirect url.
Call scim2/me endpoint by setting the authorization header using the access token.

Environment

IS 7.0

Additional context

Failure to select this option results in the linked account not being associated with the one created through JIT user provisioning. Consequently, users will encounter difficulties accessing "scim2/me" endpoints, leading to a 404 error.

Screenshot 2024-03-15 112345

Achintha444 commented 8 months ago

We can also change the default state of this check box to true, as most users will require to linked the account with the JIT provisioned user.