question

hrishisekhar07 avatar image
0 Votes"
hrishisekhar07 asked alfredorevilla-msft answered

UPN change and SSO

Hi Team,

We are in the middle of a divestiture and have been faced with a hurdle.

Currently, all our organizations users access various applications and portals making use of SSO with their firstname.lastname@xyz.com UPN. However, as a part of the divestiture project - a sect of our have been asked to change their UPN to geo-specific locations (for e.g. firstname.lastname@xyz.co.in). The central support team of the organization would continue to use firstname.lastname@xyz.com.

Will the users be able to access the current SaaS apps (such as salesforce) if we make the required UPN changes in Azure AD/local AD or would it require additional configuration steps?

Many thanks

azure-ad-single-sign-onazure-ad-hybrid-identity
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

alfredorevilla-msft avatar image
0 Votes"
alfredorevilla-msft answered

Hello @hrishisekhar07, SaaS applications often rely on UPNs to find users and store user profile information, including roles. Applications that use Just in Time provisioning to create a user profile when users sign in to the app for the first time can be affected by UPN changes. One workaroud is to update the UPN using Azure AD Automated User Provisioning.

Also, take a look to the best practices for a pilot for bulk UPN changes.

Let us know if you need additional assistance.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.