ZakariaMuhammad-8648 asked FanFan-MSFT edited

Msol Sign-in Address

Need some help from Experts who have faced this challenge.

Environment: on-prem AD and AAD; user authentication is pass-through via AAD Connect.

Issue
We have a user AAD UPN, John@Domain.net, different than our company primary email address, like John.Smith@Domain.com

edsaUPNPrefix = John
edsaUPNSuffix = Domain.net
mailNickname = John.Smith
SamAccountName = John


where Domain.net is not a public domain. We tried to change the UPN in the AAD connector to use the email address as the UPN, but the user failed to sign in because the username was not the same as the UPN in AD.

If we add Domain.com as another UPN suffix and change the edsaUPNSuffix to Domain.com, it will work. But I want to know what other options we have.




azure-active-directory

1 Answer

michev answered michev commented

It's either that or use alternateID, which has some bigger downsides: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-use-email-signin


@michev it's under Preview, which means more limitations could evolve when it's heavily used by organizations.

Can you please share your bigger downside experience?

michev (to ZakariaMuhammad-8648):

Basically, not all applications support it. However, it looks like Microsoft has taken down the list; at least I cannot find it. In a nutshell, only applications that support modern authentication will work.

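The UPN-suffix route discussed in this thread, sketched as an added example that is not from any of the posters: it registers Domain.com as a forest UPN suffix, plans a move of each Domain.net user to a UPN equal to their mail address, and skips any target that collides with an existing UPN. It assumes the RSAT ActiveDirectory module and the native `userPrincipalName` and `mail` attributes rather than the `edsaUPN*` attributes shown in the question; every write carries `-WhatIf`, so nothing changes until that switch is removed.

```powershell
# Added example. Assumptions: RSAT ActiveDirectory module, native AD attributes,
# and the two domain names quoted in the question.
Import-Module ActiveDirectory

$OldSuffix = 'Domain.net'   # non-routable suffix currently in the UPN
$NewSuffix = 'Domain.com'   # routable suffix that matches the mail domain

# 1. Register the routable suffix on the forest if it is missing.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix } -WhatIf
}

# 2. Index every UPN already present in this domain (case-insensitive),
#    so a planned UPN that is already taken is flagged instead of applied.
$existing = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-ADUser -Filter 'userPrincipalName -like "*"' |
    ForEach-Object { [void]$existing.Add($_.UserPrincipalName) }

# 3. Plan the change: users on the old suffix whose mail is in the new domain.
$plan = Get-ADUser -Filter "userPrincipalName -like '*@$OldSuffix'" -Properties mail |
    Where-Object { $_.mail -like "*@$NewSuffix" } |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            CurrentUPN     = $_.UserPrincipalName
            TargetUPN      = $_.mail
            Conflict       = $existing.Contains($_.mail)
        }
    }

# 4. Review the plan, then apply only the rows without a conflict.
$plan | Format-Table -AutoSize
$plan | Where-Object { -not $_.Conflict } | ForEach-Object {
    Set-ADUser -Identity $_.SamAccountName -UserPrincipalName $_.TargetUPN -WhatIf
}
```

Users on the old suffix with an empty `mail` attribute, or one outside Domain.com, are left out of the plan and need to be handled separately.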