This article addresses an issue where the Entra AD Object IDs of the users are displayed instead of their Display Names or Email addresses in the Unity Version Control client, despite a correct SSO/SAML configuration. The problem was identified as a misconfiguration in the SAML settings. By updating the server.conf file with specific Graph API URLs and ensuring the correct client secret value, the issue is resolved, allowing users to see their Display Names and create repositories.
Symptoms:
- Users are unable to authenticate from the Unity Version Control client or run any operation, receiving an error such as:
    Unknown user: '8c958fca-5cc5-49c1-b4ed-7b5c4f096925' (any GUID).
- Any operation users try from the CLI or GUI ends in the same "Unknown user" error.
- The login from the Dashboard appears to be successful, although later any operation fails.
Cause:
The issue is caused by incorrect SAML settings in the Unity Version Control Server configuration (specifically the Graph API URLs and the client secret value) when Azure GCC High is used.
Resolution:
- Ensure that the Issuer (on the web) or the "SAML Authentication - Application (client) ID:" in the CLI is preceded by 'spn:' (for example, spn:8cc80627-f661-4f21-9e5c-ad45a4ccfdea).
- Ensure the server.conf file in the server binaries folder is updated with the following lines inside the <SamlSettings> tag:
    <SamlSettings>
      ...existing fields...
      <GraphApiBaseUrl>https://graph.microsoft.us</GraphApiBaseUrl>
      <GraphApiLoginUrl>https://login.microsoftonline.us</GraphApiLoginUrl>
    </SamlSettings>
- Verify that the client secret value used is correct and matches the expected length (usually 40 characters).
- Restart the Unity Version Control Server to apply the changes.
- Confirm that the Display Names of the users are now shown correctly in the Unity Version Control Client and that they can create repositories without encountering the "Unknown User" error.
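The resolution checks above can be run as a pre-restart validation. The following is an added example, not Unity's own tooling: the function name, the ServerConfigData root element in the sample and the GUID-shaped-secret heuristic are assumptions, and the issuer and client secret are passed in by the caller because this article does not name the server.conf elements that hold them.

```python
import re
import xml.etree.ElementTree as ET

# Values taken from the resolution steps above (Azure GCC High endpoints).
EXPECTED = {
    "GraphApiBaseUrl": "https://graph.microsoft.us",
    "GraphApiLoginUrl": "https://login.microsoftonline.us",
}
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"


def check_saml_settings(conf_xml, issuer, client_secret):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    try:
        root = ET.fromstring(conf_xml)
    except ET.ParseError as exc:
        return [f"server.conf is not well-formed XML: {exc}"]
    saml = next(root.iter("SamlSettings"), None)
    if saml is None:
        return ["no <SamlSettings> element found"]
    for tag, expected in EXPECTED.items():
        value = (saml.findtext(tag) or "").strip().rstrip("/")
        if not value:
            findings.append(f"<{tag}> is missing, expected {expected}")
        elif value.lower() != expected:
            findings.append(f"<{tag}> is {value}, expected {expected}")
    if not re.fullmatch("spn:" + GUID, issuer):
        findings.append("Issuer is not 'spn:' followed by the application (client) ID")
    # Heuristic added here: report only the secret's shape, never its content.
    if re.fullmatch(GUID, client_secret):
        findings.append("client secret looks like a GUID (possibly the secret's ID, not its value)")
    elif len(client_secret) != 40:
        findings.append(f"client secret is {len(client_secret)} characters, usually 40")
    return findings


# Constructed sample: a config still missing the national-cloud login URL.
SAMPLE_CONF = """<ServerConfigData>
  <SamlSettings>
    <GraphApiBaseUrl>https://graph.microsoft.us</GraphApiBaseUrl>
  </SamlSettings>
</ServerConfigData>"""

if __name__ == "__main__":
    print(check_saml_settings(SAMPLE_CONF, "spn:8cc80627-f661-4f21-9e5c-ad45a4ccfdea", "x" * 40))
```

Findings describe only the length or shape of the secret, so the output is safe to paste into a support ticket.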
More Information:
This Microsoft article explains national URLs in more detail.