Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,459 questions
Why Enterprise App SSO signin requires full email address
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 24%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Strensnik Work
41
Reputation points
Can a user log in with only their sAMAccountName instead of their email address?
When signing into an enterprise application set up with SAML SSO in Azure I am greeted with by our school district logo branded login window. I would assume this means it recognizes our domain. However, we must login with our full email address (with @keyman .org). If we use only the username part (sAMAccountName), it advances to the password window. After entering a correct password it reads:
Sign-in is blocked.
You've tried to sign in too many times with an incorrect account or password.
Sign-in with XXXXXX is blocked for one of these reasons:
Someone entered the wrong password too many times.
If you signed up for this account through an organization, you might not be able to use it yet
It has been this way for a while but now we are migrating some apps from ADFS to AZURE which are used by Kindergarten to 2nd graders and asking them to ener their full email address is essentially impossible.
Can a user log in with only their sAMAccountName instead of their email address? If the logon windows is branded with our logo, shouldn't it recognize our domain name?
Thanks in advance
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,581 Reputation points Microsoft Employee2021-10-18T09:49:59.5+00:00 @Strensnik Work , I can understand totally that making the little ones at KG-nd graders understand all this can be quite a task in itself. You said that you are now moving apps from ADFS to Azure. Have you got the above error while being redirected to your ADFS page ? ADFS can be customized with your logo . Is the user account locked in your ative directory ? If it is the ADFS logon window it will recognize the domain\username format but if its Azure SSO page then it will be in the userprincipalname format (same as email ) which is [user]@[domain.com] format generally . Since your users are kids , are you saying that they are unable to enter the email address but can enter domain\username format ? I think there should be some easy way for them to logon like windows hello . I am not sure what systems you have and if it is possible to implement windows hello but it will e really easy for the kids to get face recognition working for them while they are big enough to remember all usernames and passwords. Let us know and we will continue to work further on this with you.
Sign in to comment