UPN change and SSO

hrish420 1 Reputation point
2022-05-11T11:12:16.833+00:00

Hi Team,

We are in the middle of a divestiture and have been faced with a hurdle.

Currently, all our organizations users access various applications and portals making use of SSO with their firstname.lastname@xyz .com UPN. However, as a part of the divestiture project - a sect of our have been asked to change their UPN to geo-specific locations (for e.g. firstname.lastname@xyz .co.in). The central support team of the organization would continue to use firstname.lastname@xyz .com.

Will the users be able to access the current SaaS apps (such as salesforce) if we make the required UPN changes in Azure AD/local AD or would it require additional configuration steps?

Many thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,465 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alfredo Revilla - Senior Freelance SWE, SWA, IAM 27,016 Reputation points
    2022-05-11T19:32:57.11+00:00

    Hello @hrish420 , SaaS applications often rely on UPNs to find users and store user profile information, including roles. Applications that use Just in Time provisioning to create a user profile when users sign in to the app for the first time can be affected by UPN changes. One workaroud is to update the UPN using Azure AD Automated User Provisioning.

    Also, take a look to the best practices for a pilot for bulk UPN changes.

    Let us know if you need additional assistance.

    0 comments