I'm using Azure AD to provide authentication for Citrix NetScaler via SAML. To solve a particular problem, I'm setting up a Citrix StoreFront for external vendors, which I want to set up so that they can use their own company's login via Azure B2B. I've used the Azure B2B to On-Premises AD PowerShell sync script to sync the B2B users to the on-prem AD.
The problem is that Azure AD is transforming the guest users from the UPN format of "user_guestdomain.com#EXT#@domain.onmicrosoft.com" to the guest user's mail address (e.g., user@guestdomain.com). This obviously means that the authenticated user isn't matching the synced on-prem user object, which creates the UPN in the original format. According to this article, this is an automatic transformation that happens with the assumption that the original format wouldn't be desired. Is there any way to disable this and have it pass through unaltered?








