Can we use Samaccountname to login to Azure resources?

David Swales 20 Reputation points
2024-01-29T16:59:56.01+00:00

We have an Azure sync'd environment with on-prem AD controllers but have the requirement for users to be able to use their on-premise Samaccountname in the Azure login. Is this possible?


Accepted answer
  1. Sandeep G-MSFT 15,326 Reputation points Microsoft Employee
    2024-02-06T13:19:13.7733333+00:00

    @David Swales
    As we discussed, syncing the samAccountName as the UPN is not possible in Azure AD. Even if it syncs, users will not be able to log in to Azure resources using the samAccountName. As explained, during the authentication process the domain suffix from the UPN is picked up, and Azure uses that domain name to recognize which tenant the user belongs to. If there is no domain suffix in the UPN provided, Azure AD will throw an error.

    Also, as discussed, there is a feature in Azure AD where you can configure email as UPN:
    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-use-email-signin

    This feature is still in preview. Maybe in the future the PG team will work on getting other attributes to log in to Azure resources.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
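
The routing rule the accepted answer describes (the domain suffix of the sign-in name is what ties a user to a tenant), as an added example that is not part of the original thread or Microsoft code. It is a simplified model: the verified-domain list, the accounts and the function names are all constructed assumptions.

```python
# Added example: a simplified model of routing a sign-in name to a tenant.
# Domains, accounts and function names are constructed for illustration.

VERIFIED_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}  # constructed

# Constructed on-premises accounts: (sAMAccountName, userPrincipalName, mail)
USERS = [
    ("asmith", "asmith@contoso.com", "alex.smith@contoso.com"),
    ("jdoe", "jdoe@corp.local", "jane.doe@contoso.com"),
    ("svc-backup", "svc-backup@corp.local", None),
]


def routable(identifier, verified=VERIFIED_DOMAINS):
    """Return (ok, reason): can this sign-in name be mapped to the tenant?"""
    if not identifier or "@" not in identifier:
        return False, "no domain suffix"  # a bare sAMAccountName lands here
    local, _, domain = identifier.rpartition("@")
    if not local or not domain:
        return False, "malformed"
    if domain.lower() not in verified:
        return False, "domain not verified in tenant"
    return True, "ok"


def audit(users):
    """Check every candidate sign-in name for each account."""
    return [
        {
            "sam": sam,
            "sam_login": routable(sam)[0],
            "upn_login": routable(upn)[0],
            # Only relevant if email sign-in (the preview feature) is enabled.
            "mail_login": routable(mail)[0],
        }
        for sam, upn, mail in users
    ]


def needs_attention(users):
    """Accounts with no sign-in name that carries a verified domain suffix."""
    return [r["sam"] for r in audit(users)
            if not (r["upn_login"] or r["mail_login"])]


if __name__ == "__main__":
    for row in audit(USERS):
        print(row)
    print("fix before relying on cloud sign-in:", needs_attention(USERS))
```

Run against an export of your own directory, the `needs_attention` list shows which accounts would need a routable UPN suffix or a mail address in a verified domain.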

2 additional answers

  1. Saravanan Ganesan 1,745 Reputation points
    2024-01-29T17:23:29.9+00:00

    Hi David,

    Yes, it's possible to allow users to sign in to Azure AD using their on-premises samAccountName. Azure AD Connect syncs user attributes, including samAccountName, from on-premises AD. However, for user sign-ins, Azure AD primarily uses the User Principal Name (UPN). To enable sign-in using samAccountName, you may need to configure Alternate ID in Azure AD Connect, allowing users to sign in with on-premises samAccountName. This involves mapping on-premises attributes to corresponding Azure AD attributes.

    Regards,

    Saravanan Ganesan.


  2. Akhilesh 6,115 Reputation points Microsoft Vendor
    2024-01-30T13:31:15.1766667+00:00

    Hi @David Swales

    Thank you for your post!

    I understand that you have a hybrid environment and would like to know if it is possible to allow the users to sign in to Entra ID using the on-premises samAccountName.

    Yes, you can achieve this by selecting sAMAccountName as the on-premises attribute to use as the Entra ID username.

    The steps below explain how to set the on-premises attribute as sAMAccountName in Entra ID.

    • Open the Entra ID and choose the Custom settings, authenticate with your global admin credentials and connect your directories by using your enterprise admin credentials.
    • In the Azure AD Sign-in tab, select the on-premises attribute as sAMAccountName, as shown in the picture below, and click the Next button for further configuration as per your requirement.

    I hope this answer helps! If you have any further questions, please feel free to ask.

    Reference: https://learn.microsoft.com/en-us/windows/win32/adschema/a-samaccountname

    https://gist.github.com/nordineb/c6b039d7d56ae5d7f3af36bb098b3c3a

    Thanks,

    Akhilesh.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.