Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Configure SSO apps to use alternative field for NameID
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 96%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJO%3C/text%3E%3C/svg%3E)
Jason Oliver
0
Reputation points
We are migrating one tenant to another following an aquisition. Everyone in the target tenant will get a new upn/smtp to reflect the new company name. I have figured out how to enable users to continue to use saml sso by utilizing claim conditions. We have populated the user.othermail field with the users lagacy upn and use a security group and claim conditions to pass this field as the nameid.
I cannot find a way to achieve this same setup with oidc apps. Is this possible?
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
JimmySalian-2011 44,986 Reputation points2024-03-18T09:45:34.22+00:00 Hi Jason,
I think that is possible however you will need to explore this via the advanced claims configureation and here is the article you can read through, if not you can also raise a support incident with Microsoft to assist you in this migration.
Hope this helps.
JS
==
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 78%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Julian Sperling 456 Reputation points2024-03-31T21:36:49.4233333+00:00 Is it not just under "Single sign-on" in the enterprise Application? There you can Edit Attributes and Claims like under saml, you just have to edit the manifest to emit them or configure a custom signing key - what are the specific issues you are facing?
Sign in to comment
Sign in to answer