Sign-in to AZURE AD with Email fine but can user pick multiple email?

Saeed Ahmad 21 Reputation points
2023-03-26T04:28:57.3633333+00:00

We are ADFS 2012 R2 federated with Azure / O365, with hybrid identity via AAD Connect. With over 70 custom domains in the organization, customers move between business areas and their UPN suffix and primary email change. That brings a problem, as VPN relies on certificates and changing the UPN breaks VPN.

Currently, we keep the primary SMTP address and UPN the same. We are thinking of keeping the UPN the same as customers move between businesses but changing only the email. Yes, Microsoft has email as an alternate ID (Preview), but my question is:

If a user has more than one proxy email address in addition to the primary SMTP address, can the user use any of these, or is this restricted to the primary SMTP address only?

The idea is to let customers sign in using either of the email addresses specified, to be resilient to identity changes.

Thanks


1 answer

  1. Sedat SALMAN 13,160 Reputation points
    2023-03-26T05:31:02.4866667+00:00

    Users can sign in using either their UPN or their primary email address. However, they cannot use other proxy email addresses to sign in. If you want to provide more flexibility, you can consider implementing a custom solution for authentication. For example, you could build a custom sign-in portal that lets users authenticate with any of their proxy email addresses. This portal would need to map the provided email address to the correct UPN and then authenticate the user against Azure AD using the correct UPN.

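The mapping step described in the answer above, as an added example that is not part of the original answer: it resolves a typed email address to a single UPN from `proxyAddresses` values and refuses addresses that are unknown or shared by more than one account. The directory records, domains and the `build_index` / `resolve_upn` helpers are constructed for illustration; authenticating against Azure AD with the resolved UPN is not shown.

```python
# Added example: resolve a sign-in email to a UPN using proxyAddresses values.
# All users, domains and function names here are constructed for illustration.

# Constructed sample of synced directory records (UPN -> proxyAddresses).
DIRECTORY = {
    "jdoe@corp.example": [
        "SMTP:john.doe@retail.example",     # upper-case prefix = primary SMTP
        "smtp:john.doe@logistics.example",  # lower-case prefix = secondary alias
        "X500:/o=Org/ou=Exchange/cn=Recipients/cn=jdoe",  # not an email login
    ],
    "asmith@corp.example": [
        "SMTP:alice.smith@retail.example",
        "smtp:shared.alias@retail.example",
    ],
    "bkhan@corp.example": [
        "SMTP:b.khan@logistics.example",
        "smtp:Shared.Alias@retail.example",  # collides with asmith's alias
    ],
}


def build_index(directory):
    """Map each lower-cased SMTP address to the set of UPNs that carry it."""
    index = {}
    for upn, proxies in directory.items():
        index.setdefault(upn.lower(), set()).add(upn)  # the UPN itself still works
        for value in proxies:
            prefix, sep, address = value.partition(":")
            if sep and prefix.lower() == "smtp" and "@" in address:
                index.setdefault(address.strip().lower(), set()).add(upn)
    return index


def resolve_upn(index, typed):
    """Return the single UPN for a typed address, or None if unknown or ambiguous."""
    owners = index.get(typed.strip().lower(), set())
    # An address held by more than one account must never pick a winner:
    # signing someone in as the wrong user is worse than refusing the lookup.
    return next(iter(owners)) if len(owners) == 1 else None


INDEX = build_index(DIRECTORY)

if __name__ == "__main__":
    for candidate in ("John.Doe@Logistics.example", "shared.alias@retail.example"):
        print(candidate, "->", resolve_upn(INDEX, candidate))
```

Unknown and ambiguous addresses return the same result, so the lookup itself does not reveal which addresses exist in the directory.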