Hello. I am new to Azure AD and SSO.
I am trying to copy an existing app and modify it for another purpose. Meanwhile the new app is working using UPN for authentication with SSO.
The problem is, not all email aliases are the same in our ORG and it appears when authenticating with Azure AD, even though we have an additional claim called username set to userPrincipalName, the request fails unless the default SMTP matches the UPN.
In our working app, the claim is "Required", but in the problematic app, the claim is not required, but "Additional". Am I on the right track? Is there a way to make this claim required rather than additional?