mbasso-work asked mbasso-work edited

Why Enterprise App SSO signin requires full email address

Can a user log in with only their sAMAccountName instead of their email address?
When signing in to an enterprise application set up with SAML SSO in Azure, I am greeted by a login window branded with our school district logo. I would assume this means it recognizes our domain. However, we must log in with our full email address (with @domain.org). If we use only the username part (sAMAccountName), it advances to the password window. After entering a correct password it reads:
Sign-in is blocked.
You've tried to sign in too many times with an incorrect account or password.
Sign-in with XXXXXX is blocked for one of these reasons:
Someone entered the wrong password too many times.
If you signed up for this account through an organization, you might not be able to use it yet

It has been this way for a while, but now we are migrating some apps from ADFS to Azure which are used by Kindergarten to 2nd graders, and asking them to enter their full email address is essentially impossible.

Can a user log in with only their sAMAccountName instead of their email address? If the logon window is branded with our logo, shouldn't it recognize our domain name?
Thanks in advance

azure-ad-saml-sso

@mbasso-work, I can totally understand that making the little ones in KG-2nd grade understand all this can be quite a task in itself. You said that you are now moving apps from ADFS to Azure. Did you get the above error while being redirected to your ADFS page? ADFS can be customized with your logo. Is the user account locked in your Active Directory? If it is the ADFS logon window, it will recognize the domain\username format, but if it's the Azure SSO page then it will be in the userprincipalname format (same as email), which is generally the [user]@[domain.com] format. Since your users are kids, are you saying that they are unable to enter the email address but can enter the domain\username format? I think there should be some easy way for them to log on, like Windows Hello. I am not sure what systems you have and if it is possible to implement Windows Hello, but it will be really easy for the kids to get face recognition working for them while they are big enough to remember all usernames and passwords. Let us know and we will continue to work further on this with you.


0 Answers