Released: April 8, 2026
Element451's SSO configuration for external users (students/contacts) now supports flexible user matching beyond email address. Previously, SSO authentication could only match users against their email fields, which created problems for institutions with complex email setups or students who don't yet have a provisioned email address.
This update introduces a new External SSO User Matching setting in Settings > Manage Users > Security, allowing administrators to choose the specific identity attribute used to match users during SSO authentication. The setting defaults to email matching, preserving existing behavior for all current configurations.
Email matching (default): Element451 matches the value returned by the identity provider against any of the user's email fields: primary email, email identity, or school email. No configuration change is required to maintain this behavior.
Identity-based matching: Administrators can switch to identity-based matching and select a single attribute from the following options: Primary Email, Email Identity, School Email, School ID, or Username ID. Matching occurs exclusively against the selected attribute.
Conditional display: The External SSO User Matching section only appears when an external SSO provider has been configured.
Students at institutions with complex email structures, or students who lack a provisioned email at the time of authentication, can now reliably log in using an alternate identifier, such as a school ID or username.
Note: This update only impacts SSO for External Users. A future update will introduce an alternate SSO ID matching field for Internal (Admin) users.




