It's either that or use alternateID, which has some bigger downsides: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-use-email-signin
Msol Sign-in Address
Need some help from Experts who have faced this challenge.
Environment: on-prem AD, and AAD user authentication is pass-through via AAD Connect.
Issue
We have a user AAD UPN, John@keyman .net, that is different than our company primary email address, like John.Smith@keyman .com
edsaUPNPrefix = John
edsaUPNSuffix = Domain.net
mailNickname = John.Smith
SamAccountName = John
Where Domain.net is not a public domain. We tried to change the UPN in the AAD connector to use the email address as the UPN, but the user failed to sign in because the username was not the same as the UPN in AD.
If we add Domain.com as another UPN suffix and change the edsaUPNSuffix to Domain.com, it works. But I want to know what other options we have.
Vasil Michev 119.6K Reputation points MVP Volunteer Moderator
2021-04-10T07:45:28.377+00:00