SAML SSO - Manage user accounts

Hi,
We have SAML SSO active for our organisation. An employee has moved divisions within teh organisation, resulting in a network username and email address change. I cannot see within Organisation Settings | Members how to either i) edit an account to update the username and email address, ii) merge two user accounts together, or iii) re-assign content ownership from one user account to another?
What is the community thoughts or experience?
Thanks.

1 Like

I’m not sure if you can edit the email…Asana support is going to need to help me on that one.

I think the way the merging of accounts would work is you would need to set up the 2nd email before deleting access to the first. Basically, you would:

  1. Create new email account
  2. Have person add 2nd email in “To Email” tab of My Profile settings
  3. Authenticate adding of 2nd email (click email that’s sent to that account)
  4. Now user can log in via either email and Asana accounts should be “merged.” (There really never was a 2nd account created since you added the email to an existing account)
  5. Optional, but you could have user remove old email from Asana account once new email is working to log into Asana

Todd
Asana Training

2 Likes

@Jason_Allen you might also want to look into deprovisioning the old account and then reassigning those tasks to the new account. Take a look at the deprovisioning section of this guide article and please let us know if you have any other questions :smile: https://asana.com/guide/help/premium/admins

Thanks Todd and Alexis.
Asana really need a better administrative process for handling changes in email addresses and migrating of accounts.

2 Likes

@Jason_Woods thanks for that feedback. I’ll send it along to my team and add the context you provided at the beginning of this thread. :slight_smile:

@Alexis any feedback from the team or indication of roadmap for making this better?

@Jason_Allen When we collect this type of feedback we group it by theme. At this point I am unable to speak to a specific roadmap on this topic, but I can definitely say the product team is keeping track of the suggestion and other suggestions like it. :slight_smile:

@Jason_Allen Sara from Customer Success here :slight_smile: to clarify your feedback, are you looking for administrative ability to associate multiple email addresses with a user profile, rather than asking the user to perform that action him/herself? What makes for a better administrative process?

1 Like

Hi Sara, as we have multiple email domains a user could change their email address due to role promotion, secondment, sideway move etc. The user will not consider adding or removing their old/new email address to their Asana account, and may even not have access to the new email address or the old email address due to changeover.

Thus, they’ll logon to Asana with SAML and have a new account (with their new email address) and no access to their previous Asana account.

Admin currently has no access to merge accounts together, or update the email address(es) on their account. Meaning all we can do is manually re-assign all tasks, etc.

1 Like

@Jason_Allen, a user can merge accounts after changing over email addresses to ensure they don’t lose access to their account. If they create an account with their new email address and then merge accounts (more here: Managing your account settings | Product guide • Asana Product Guide). As long as emails are redirected from their old email, they’ll be able to click on the verification link and sign in with their new email to see all their old content.

This is all done from a user perspective, however – admins can’t take these actions on behalf of a user right now. We’re taking a step in that direction with SCIM provisioning with our Enterprise product, which allows for automatic provisioning and deprovisioning of users (Learn about Asana Enterprise features • Asana Product Guide). I’ll definitely file your feedback around user management to our Admin Empowerment team, as well! Thanks.

2 Likes

I have the same problem, for a different reason. I have a user whose name has changed and am trying to update their email address across all systems. The previous user explicitly said they are using SSO (as we are as well) and the link you provide for merging accounts explicitly states that this cannot be done in SAML/SSO accounts. For a SAML/SSO configuration is there any way of updating the user email (either from the end user perspective, or administratively) short of configuring SCIM provisioning (not yet deployed in our config). If it is possible through SCIM is it possible to do through API even though you don’t have the option exposed through the GUI?