At my company, we use SSO to allow students to sign in to our help forums using the email they provided when signing up for our service. This works fine unless we have siblings sign up with the same email address. When this happens, it seems like there’s one account tied to the email address (maybe the first student that logged in?) that both students share. I usually can fix this issue by requesting unique email addresses for each student and changing the email addresses we have on file in our company’s DB. I tried this recently, but it seems like the data associated with the original email address does not belong to the email address but rather is scoped to the username. Is this the intended behavior? Did something change with a recent update (we’re on 2.9.0beta9).
For a concrete example, consider this:
Two users, Jenny and Tommy, sign up for our company's service Their parents use the email address firstname.lastname@example.org when registering User Jenny signs on to the forum with SSO with an email address of email@example.com User Tommy signs on to the forum with SSO with an email address of firstname.lastname@example.org Tommy is really active, but Jenny is not. Whenever Tommy logs on, Tommy\ sees the username Jenny though, because they share the same email address. Admin is alerted of the issue and does the following: - Logs Jenny/Tommy out - Changes Jenny's email address to email@example.com in our company DB - Logs in as Tommy - Confirm's Tommy "owns" the firstname.lastname@example.org address - Logs in as Jenny - Confirms Jenny "owns" the email@example.com email address Admin notices that even though Tommy "owns" the firstname.lastname@example.org address, the data associated with that address is still scoped to Jenny's username.
I’d love to have a way to make the user data “owned” by the email address, not the username, that way I can easily transfer user data between users based on the email address. If this is not possible, no worries. I thought it was possible before, but I may be mistaken.