Non-matching UPN and Samaccount

Mahesh Aralelemath 386 Reputation points
2021-01-22T10:57:41.807+00:00

Hi,

In our environment:

  1. The on-prem AD UPN is not in a structured, routable format.
  2. The email address is mapped to the UPN while syncing on-prem accounts to M365 using AADConnect.
  3. The tenant is configured as federated and uses ADFS for authentication.

Now, the email address being used as the UPN to log in to M365, together with the broken UPN on-prem, is causing issues in the SSO experience.

We are working to correct the UPN to match the email address so that both are the same.
Also, ADFS is planned to be migrated to PTA.

Now the question is:

  1. Can we have the Samaccount set differently (e.g. Name)?
  2. Can the email address and UPN be the same (e.g. firstname.lastname@domainname)?

Will this be an accepted scenario from an SSO point of view and for all authentication?
Are there any issues in such a scenario?

Microsoft Security | Microsoft Entra | Microsoft Entra ID