Once an organization has been connected for federated login through MyEnergyCAP, the user login workflow utilizes the following set of rules in order to correctly identify an existing EnergyCAP account if it exists. At the current time, EnergyCAP only utilizes the user-specific information during the workflow. There is no current accommodations for passing in active/inactive status, permission role names, or EnergyCAP Topmost Place/Cost Center values. While these features might be available in the future, they are not currently a part of the MyEnergyCAP integration.
In order for users to authenticate with EnergyCAP, these claims must be configured correctly. The claim name must be the entire URI.
All federated users which have successfully authenticated have a matching MyEnergyCAP user created with a unique GUID. This is stored into the EnergyCAP database after the first successful login attempt. This GUID takes precedence over all other matches listed below. If a user is authenticated and EnergyCAP finds a matching GUID for a SystemUser record, it assumes that user record is the correct match. No two users can have the same GUID in a database.
Existing EnergyCAP users are matched as follows:
If an authenticated user is not found in the database as described above, clients have two choices: