o365-moodle icon indicating copy to clipboard operation
o365-moodle copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Office365 email change not updating Moodle username

Open kinnectus opened this issue 6 years ago • 3 comments

We would like to understand how a name change in Office365 is reflected into Moodle when using this plugin.

Scenario: User changes name (marriage, divorce etc.) so their email address/UPN is amended accordingly in Azure. User can successfully log in to Moodle and their details (email, first name, surname etc.) update according to settings defined in the mapping settings under "user sync". The only field that does not get updated (and cannot be controlled through the mapping settings) is the Moodle username (which is greyed out when the user's auth type is set to "OpenID Connect").

The fact the user can successfully log in to Moodle using their new email address and it successfully connects to the correct Moodle profile suggests that the username field has some important meaning to the very first time the Moodle profile is created for that user and that the username field should never change or it will break the Moodle profile relationship and cause login errors.

We would like some information (even an ability to begin a paid support call if it is available) to understand the process because we have some issues and questions:

Should the Moodle username field update from Azure when a user's email address/UPN is changed?

  1. Should the Moodle username field change for a user when their email address/UPN is changed in Azure?
  2. If the Moodle username SHOULD change, at what point DOES it change?
  3. If the Moodle username SHOULD NOT change how does searching for user (using Moodle user search page) by username be useful?
  4. If the Moodle username SHOULD NOT change what username would be used for a new Azure user who re-uses a previously renamed email address/UPN? (e.g. If [email protected] changed their name to [email protected] then a new user called [email protected] could be created in Azure, but Moodle would complain (error?) that the username would already exist (if the username field for a Moodle user is required to remain unchanged) so an account could not be created).

If paid support from Microsoft is available, how can we raise this as we are unsure how this branch of Microsoft offering differs from typical support of flagship products and technologies?

kinnectus avatar Oct 03 '19 11:10 kinnectus

In our experience using this plugin, UPN changes are not properly handled, and result in corrupted Moodle accounts.

What happens to us is that we end up with two accounts with the email field mapped to the new email address, the old account and a new one. The old account retains the old UPN as its username, the new one gets the new UPN. What makes the accounts corrupted is that both are mapped to the same Azure Object ID within Moodle, so only one can ever actually be logged in to! We also have Moodle configured to disallow the same email address on multiple accounts, but this plugins behaviour breaches that setting.

The least-bad solution we have found is to manually fix the account by:

  1. deleting the new account
  2. using the Moodle Web Services API to change the username on the original account
  3. manually disconnecting the original account from the cloud and then re-connecting it

We also have a report running using the Ad Hock SQL reporting plugin to warn us of duplicated email addresses in the users table.

bbusschots-mu avatar Dec 07 '20 14:12 bbusschots-mu

The request here is to support upn changes in Azure AD, and update the username of the connected Moodle account accordingly.

weilai-irl avatar Jul 28 '21 15:07 weilai-irl

Subscribing to this, as this affecting us too.

As I see this issue: This should be configuration option for user sync. "Rename existing users if m365 username changes" or something like that . If this option is on, then user syncing should first match by comparing matched moodle users by objectid. Those are on oidc match table aren't they? If match is found , and current moodle username does not match username, start rename moodle user. Same should be done when user logins via oidc.

PetriAsi avatar Jul 19 '22 11:07 PetriAsi

@weilai-irl Any updates on this?

matthewblabey avatar Oct 21 '22 06:10 matthewblabey

@matthewblabey If you dare to test, check out my PR from my branch. At least it seems to work here, where all our moodle users are coming from 365.

PetriAsi avatar Nov 07 '22 08:11 PetriAsi

Hi all,

Please see my note at https://github.com/microsoft/o365-moodle/pull/2214#issuecomment-1580569613.

In short, the UPN change support will be added to the next release.

Regards, Lai

weilai-irl avatar Jun 07 '23 11:06 weilai-irl

Hi all,

This issue should be fixed by the feature to support Microsoft user UPN changes, which is released today.

Please check out the latest versions of the plugins and try out this feature.

I'm going to close this issue now, but feel free to reopen if you have any questions.

Regards, Lai

weilai-irl avatar Jun 28 '23 11:06 weilai-irl