Symptom
- You have established BTP <=> IAS <=> Microsoft Entra ID for user authentication.
- You've disabled Identity Federation, which means IAS acts only as a proxy: it takes all assertion attributes and the Subject Name Identifier from the corporate IdP assertion and sends them to the application.
- "Create Shadow Users on User Logon" is enabled for the IAS IdP in BTP.
- When a user first logs in to BTP, the shadow user is created in the BTP Users menu.
However, the E-Mail attribute in BTP has the value <sub value>@user.from.sap.custom.cf, where <sub value> is the value of Microsoft Entra ID's Subject Name Identifier.
- The expected behavior is that the E-Mail attribute in BTP has the correct e-mail address.
Environment
- SAP Cloud Identity Services
- Business Technology Platform
Product
BTP all versions ; SAP Cloud Identity Services all versions
Keywords
user.from.sap.custom.cf, btp, ias, azure ad, e-mail address, mail, wrong e-mail, wrong mail, oidc, saml, Microsoft Entra ID , KBA , BC-IAM-IDS , Identity Authentication Service , BC-CP-CF-SEC-IAM , UAA, Authentication, Authorization, Trust Mgmnt , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).