Who is this article for?

Users who manage User details in their organisation.

Administrator permissions are required.

Organisations will sometimes change their email domain, meaning that Users’ email addresses change from somebody@olddomain.com to somebody@newdomain.com.

Where the old domain is maintained and Users are able to continue to use their old addresses, this doesn’t affect the application. However, Users will sometimes want to change the email address used in the system to the new domain.  This article discusses the updates required.

1. Changing emails
2. Effect on authentication
   • Windows
   • Single Sign-On (via SAML)
   • Forms-Based Authentication (FBA)
3. Effect on Admin accounts

1. Changing emails

To change the email address used for receiving notifications:

1. Access the desktop application.
2. Go to the Staff module.
3. Select the User.
4. Scroll down to Email in the Properties panel.
5. Make the change.
6. Click Save. 

You will need to replicate these changes in the Contacts screen in the Audit Universe.

2. Effect on authentication

There are three possible authentication methods, two of which are affected by an email address change.

Your system might use more than one authentication method. For example, staff may log into the desktop application using Windows authentication, while Contacts log in to the WebUI using FBA.

It is necessary to consider all User categories when reviewing the information below.

Windows

With Windows authentication, User identities are specified in the form domain\Username.  Email addresses are not involved in the process, so no further action is required.

Single Sign-On (via SAML)

With SSO via SAML, desktop app Users will be presented with the below login screen (matching your brand.

WebUI Users will be presented with a login screen displaying Use Single Sign-on at the bottom.

For affected Users, their identity is their network UPN, which might be the same as their email address.  In the User Management screens, this will appear as shown.

You should check with your IT team whether the User's UPN will change with their email address.

If so:

1. Add a new identity with the new UPN.
2. Wait until the domain change has happened.
3. Click the Active tick.
   It will change to a red cross, marking the User as Not Active.
4. Click Save.

We advise against changing existing identities to avoid the risk of locking Users out of the application if there are issues with the domain change.

Forms-Based Authentication (FBA)

With FBA, desktop Users will be presented with the below login dialog.

WebUI Users will be presented with the below login dialog. Unlike SSO via SAML, it doesn't display the Use Single Sign-on prompt.

In this case, the User’s identity will be their email address.

Due to the way FBA works, changing this email address value will break authentication for that User and they will be unable to log in.

To complete the change correctly:

1. Change the email address assigned in the Properties Panel.
2. Right-click the User.
3. Click Add FBA Identity.
   This is the same process as setting a User up for the first time.
4. Ask the User to follow the instructions in the email.
5. Confirm that the User is able to log in using their new email and password.

After the User has logged in successfully, you can mark their old identity as Not Active.

3. Effect on Admin accounts

Setting the identity you are currently logged in as to Not Active will immediately lock you out of the application.

Ensure that you are logged in with your new identity before setting your old identity to Not Active.