Details
-
New Feature
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
Description
Hi,
It was great news when azure provisioner was announced today with support for Unified groups. I was waiting to use it, but one small restriction does not make it usable for us. It looks like userPrincipalName is generated from <uid>@<tenant.id>. There is an option to configure the first part, but looks like the second part is not configurable.
We use AzureADSync to sync our users and the userPrincipalName in our case is yale.edu but the tenant id is yaleedu.onmicrosoft.com. The cloud users will have the later as a suffix to there userPrincipalName, but user synchronized from on-premise AD using Azure AD sync will have yale.edu as the suffix.
Would it be possible to provide a possible list of domain values for the UPN suffix, and maybe a priority order to try to find a user or at least provide a way to specify the Azure UPN as a attribute on the subject directly so that the code does not have to generate the UPN
Thanks,
Amit
(Yale University)