How Are Email Addresses Populated in External Authentication Systems?
Unlike systems using whitelist or local authentication, Single Sign-On or LDAP systems may have competing sources for the email address populated into a user's account. There is an order of prioritization which determines which source overrides another:
  1. Data Import File  
  2. Manual Entry
  3. Returned Authentication Attribute
When a user authenticates into the system via external authentication, the system receives a UID which is used to reference the corresponding record in the data import file. If there is an email address stored in the data import file, this is the address that will be populated into the user's account.

If no email address is found in the import file, the system will reference the email address that was returned through the external authentication (if there is one).

Exception: If the email address has been manually defined by an administrator or a member of Customer Support, the manually entered email address takes precedence over any address attribute returned through authentication.  If the manually entered email address conflicts with an email address provided by a new data import file, the address in the import file will overwrite the manually entered email address (since the data import file always receives first priority.)

If there is no email address defined in the data import file, no email address returned through authentication, and the email address has not been set manually for the user's account, the result will be an Administrator Portal system alert reading "There are users in the system without email addresses." The recommended resolution is to investigate why the user's email address is not in the data import file or to manually set the email address in the user's account. 

What If Sources Are Conflicting?
If the various sources of information that could provide an email address are in conflict, the order of prioritization will determine which email address will be included in the user's account. To help illustrate order of prioritization, consider the following scenarios:
  • Authentication v. Import File - Import File sets the address
  • Import File v. Manual Entry - Import File sets the address
  • Manual Entry v. Authentication - Manual Entry sets the address
The only situation in which authentication sets an email address is one in which no other sources have yet provided an address. Additionally, once an alternative sources provide an address, their responses will be prioritized over authentication.

What About My Whitelist Authentication System?
If your system uses whitelist authentication, the email address will be set and maintained via the data import file or manual entry. (Note: manual entry will be overridden by the data import file if in conflict.) There are two important differences to remember about email addresses and Whitelist authentication:
  • Maintaining Access: If an applicant user does not have an email address specified in the data import file (such as the user no longer being included in the file), their account will be deactivated until the address is restored (such as being added back to the file.)
  • Defining Sign In Credentials: Because the email address on file for applicant accounts is updated through the data import process, if the data import updates the email address on file this will immediately impact how the applicant signs into the system. In other words, the applicant must immediately start signing into the system with the new email address -- attempts to sign in with the old email address will be unsuccessful.
What about Email Aliases?
References and Reviewer users sign into the system using the email address provided by an applicant or administrator at the time the account was created on the user's behalf. By including Email Aliases on a user's account, the Reference or Reviewer may sign into the system using any of the additional email address aliases (besides the primary account email address.) Users will not receive email to any address listed as an alias. Email will only be sent to the primary email address in the account.