Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Using different Unique User Identifiers on a single Enterprise Application
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 46%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Timothy Boyd
5
Reputation points
Hey everyone, I have a unique situation I would like some assistance with.
We have recently merged companies and going through some growing pains attempting to move from Okta to Entra ID. One such unique example below using Slack. For some applications we need to use different attributes on a per person or per group basis. This is easily done on a per user basis in Okta by simply changing the users **"**Assignment & App Username" but doesn't seem to be so simple in Entra.
Slack is set up and connected properly using SAML. Basically we have 2 sets of users. One set of users I would like to keep the current "Unique User Identifier (Name ID)=user.userprincipalname" (This works properly) For another set of users we need to use a different attribute so "Unique User Identifier (Name ID)=user.othermail" We would like to do this using only one Enterprise Application for all users and not needing to set up 2.
My first attempt to work around this was using Claim conditions but to my understanding this is an "And" condition not an "Or" condition. Will attach a screenshot of my thought.
Any and all help is much appreciated!
Microsoft Security | Microsoft Entra | Microsoft Entra ID
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 52%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AJ 0 Reputation points2026-01-16T21:09:35.13+00:00 I have the same issue. Got an MTO where the identifier is user principal for their tenant and for ours we use onpremisessamaccountname. If I flip the Unique User Identifier to UserPrincipal, it works for them but not for us and vice versa. Really need to be able to send both.... Like yours, We have them as additional claims, but it doesn' t seem to use them as identifiers.
Sign in to comment
Sign in to answer