Login with Employee ID

Question

Login with Employee ID

take95 20

Hello,

We are using the SAP Cloud Identity Service and the SAP Cloud Identity Provisioning Service.

We provision users from Entra ID to SAP IAS, and then the users are provisioned to cloud applications. The users that are provisioned from Entra ID are also authenticated in Entra ID.

Is there a way in Entra ID to modify the authentication method to support using the Employee ID for login? Perhaps this could also be achieved with the help of SAP IPS Transformation?

Many Thanks

Accepted answer

2 additional answers

Your answer

Answer 1

Hello @Mike ,

Thank you for reaching out Microsoft Q&A.

I understand that you want to modify the authentication method in Entra ID to allow login using the Employee ID. However, this is not possible, users cannot sign in to the Entra portal using their Employee ID but can use their email ID as an alternative. From Microsoft Entra ID side, there are no settings where we can configure Employee ID as a sign in method.

For additional information follow: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-use-email-signin

Hope this helps. Do let us know if you any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Regards,
Goutam Pratti.

Answer 2

take95 20

Hello @Goutam Pratti

Many Thanks for your support.

Yes, we want the users to sign in in Entra ID using their employee number.

What do you mean by the email ID?

Do you mean the email address, for example, ******@azure.com?

We don't want users to sign in with an email address. What other authentication options are available in Entra ID besides using an email address?

If these settings are applied from your link, do they apply to all users or for all enterprise applications in Entra ID? Or can authentication be limited to a specific enterprise application?

Thank you very much.

Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-11-27T09:46:29.93+00:00

Hello @Mike ,

Thanks for your prompt response!

Users cannot sign in to Microsoft Entra ID using their Employee ID.
Currently, Entra ID supports only two authentication methods: signing in with the User Principal Name (UPN) or using an email address (e.g., @email.com).

If you implement the settings described in the provided document link, the email ID can be used as an alternative login method only when the users are trying to sign in into Microsoft Entra ID, please note that currently this feature is in preview mode as mentioned in the document.

Hope this helps. Do let us know if you any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful for the above answer provided. And, if you have any further query do let us know.

Regards,
Goutam Pratti.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-11-28T04:20:28.72+00:00

Hello @Mike ,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-11-29T01:18:40.1833333+00:00

Hello @Mike ,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
take95 20 Reputation points

2024-12-01T00:12:48.6633333+00:00

Hello @Goutam Pratti

thank you for your support.

Is it possible to set the UPN (Name Identifier) to user.employeeid under Enterprise Application / Attribute & Claims in Azure? Would the login with the employee ID then also not work?

Thank you very much

Best Regards
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-12-02T08:07:51.2833333+00:00

Hello @Mike ,

Thank you for your response!

We have tested from our side by adding user.employeeid as an optional claim under attributes and claims section for one particular application and we were able to see the user.employeeid claims passing in the SAML Token response.
But it is not possible to sign in to any of the applications with employeeid as login method.
By default, the Microsoft identity platform issues a SAML token to an application that contains a claim with a value of the user's username (also known as the user principal name), which can uniquely identify the user.

for additional information follow : https://learn.microsoft.com/en-us/entra/identity-platform/saml-claims-customization

Hope this helps. Do let us know if you any further queries.

Regards,
Goutam Pratti.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-12-03T06:21:13.2133333+00:00

Hello @Mike ,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 3

take95 20

Hello @Goutam Pratti ,

Thank you very much for the great support!!!!!!!

So, does this mean that if I provision users from Azure (UPN) into an SAP Cloud application, the username in the SAP Cloud application will always be created as an email address (i.e., UPN(Azure) -> Username(SAP App))? I provision the users using the SAP Provisioning Service. With the SAP Provisioning Service transformation, I can map, for example, the employee number from Azure to the login name in the cloud app, so the username in the SAP Cloud app is created as the employee number. However, the authentication in Azure does not work then.

We do not want the usernames in the cloud applications to be created as email addresses. How can we avoid that?

What other options are available for a username for provisioned users from Azure, so that users can authenticate in Azure as well? And if there are other alternatives for a username, how can I implement that?

I am very grateful for your support.

Best Regards.

Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-12-04T07:16:53.3633333+00:00

Hello @Mike ,

Thanks for your Response!

Please note that whenever an application is integrated with Azure AD, the email address is passed as an attribute by default. This is expected behavior and cannot be changed.

Currently, the only login method available for Signing into Azure is using the username (UPN or email address).

Hope this helps. Do let us know if you any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful for the above answer. And, if you have any further query do let us know.

Regards,
Goutam Pratti.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-12-05T07:33:51.8266667+00:00

Hello @Mike ,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator

2024-12-06T06:26:48.1833333+00:00

Hello @Mike ,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Share via

Login with Employee ID

2 additional answers

Your answer