thoughtspot · rani2655 · Jun 11, 2026
diff --git a/modules/ROOT/pages/api-user-management.adoc b/modules/ROOT/pages/api-user-management.adoc
@@ -127,7 +127,20 @@ To update user details:
 * +++<a href="{{navprefix}}/restV2-playground?apiResourceId=http%2Fapi-endpoints%2Fusers%2Fupdate-user">POST /api/rest/2.0/users/{user_identifier}/update</a>+++ (Rest API v2)
 * xref:user-api.adoc#update-user[PUT /tspublic/v1/user/{userid}] (Rest API v1)
 
+// SOURCE: SCAL-313918, SCAL-316352
+// SOURCE: https://thoughtspot.slack.com/archives/C029SNQ27UN/p1776926046104759
+#For review#
+[NOTE]
+====
+When updating IAMv2 users with `account_type` set to `SAML_USER` or `OIDC_USER`, do not use these APIs to change identity attributes such as username, email address, or display name.
+
+If you rename an SSO user through the REST API and that user then logs in through the IdP:
 
+* If Just-in-Time (JIT) provisioning is enabled, ThoughtSpot creates a new duplicate account. The duplicate account does not inherit the original user's content, groups, or permissions.
+* If JIT provisioning is disabled, the user cannot log in.
+
+To update the username or email of an SSO user, make the change in the IdP. ThoughtSpot reflects the updated attributes upon the user's next SSO login.
+====
 
 
 ////