For existing Azure AD Connect installations, see Changing the user sign-in method for instructions on changing the sign-in method to AD FS.

For new configuration of Azure AD Connect, see Connect to Azure AD for detailed instructions on how to configure alternate ID and AD FS farm.

We recommend using Azure AD Connect to configure alternate logon ID for your environment.

In the above-mentioned scenarios, alternate ID with AD FS enables users to sign in to Azure AD without modifying your on-premises UPNs.

The on-premises UPN is not the same as the user's email address and, to sign in to Office 365, users use email address and UPN cannot be used due to organizational constraints.

Azure AD and Office 365 require all domain suffixes associated with Azure AD directory to be fully internet routable. The on-premises domain name is non-routable, such as contoso.local, and as a result the default user principal name is non-routable (

Existing UPN cannot be changed due to local application dependencies or company policies.

Alternate ID in Azure AD

An organization may have to use alternate ID in the following scenarios:

It also enables you to support line-of-business service applications with consumer-provisioned identities. Using the alternate ID enables you to adopt SaaS providers like Office 365 without modifying your on-premises UPNs. When configured for alternate ID, AD FS allows users to sign in using the configured alternate ID value, such as email ID. AD FS already supports using any form of user identifier that is accepted by Active Directory Domain Services (AD DS). This enables administrators to specify an alternative to the default UPN to be used for sign-in. For more information on how the UPN is created, see Azure AD UserPrincipalName population.

Active Directory Federation Services (AD FS) enables federated applications using AD FS to sign in using alternate ID. Use of any other sign-in method instead of UPN constitutes alternate ID.
Consider a user Jane Doe with UPN and email address Jane might not even be aware of the UPN as she has always used her email ID for signing in. This is particularly common in scenarios where their UPN is non-routable. This article addresses the small percentage of customers that cannot remediate UPNs to match.

For example, they can use their email ID for sign-in and it can be different from their UPN. Microsoft's recommended best practice is to match the UPN to the primary SMTP address.