Forum Discussion
bradharr123
Nov 22, 2022 Copper Contributor
Azure Authentication using different username
Hi, I'm in an Azure/On-Prem hybrid setup. I'd like for my users to have a username that is different from their email address. Our users' email addresses are public, so any attacker knows the user...
infocloud
Feb 18, 2023 MCT
Yes, you can change the username used for Azure Active Directory (Azure AD) authentication without changing the email address. Here are some suggestions:
You can create an alternate userPrincipalName attribute for your users in Azure AD. This attribute can be used as the username for authentication purposes, while the email address can still be used for communication purposes. To create the alternate userPrincipalName, you can use Azure AD PowerShell commands or the Azure AD Graph API. Here is a reference article that explains how to create an alternate userPrincipalName: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-create-alternate-upn
Another option is to use Azure AD Connect to synchronize on-premises AD user accounts with Azure AD. During the synchronization process, you can map a different attribute to the userPrincipalName attribute in Azure AD. For example, you can map the samAccountName attribute to the userPrincipalName attribute. This way, users can use their samAccountName as the username for authentication purposes. Here is a reference article that explains how to configure attribute mapping in Azure AD Connect: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
Finally, you can use Azure AD B2C to create custom usernames for your users. Azure AD B2C is a cloud-based identity management solution that allows you to customize the user authentication and authorization process. With Azure AD B2C, you can create custom policies that allow users to sign in with a custom username and password, or with a social identity provider such as Facebook or Google. Here is a reference article that explains how to create custom policies in Azure AD B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-get-started
I hope this helps! Let me know if you have any further questions.
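The sAMAccountName-based option in the reply above, as an added example that is not part of the original post or of Microsoft's documentation: it reports on-prem AD accounts whose UPN matches one of their own SMTP addresses and previews the rename with `-WhatIf`. It assumes the RSAT ActiveDirectory module; the OU path and the UPN suffix are placeholders, and the character check on sAMAccountName is a deliberately conservative assumption.

```powershell
# Added example (not from the thread). Assumptions: RSAT ActiveDirectory module;
# $NewSuffix and $SearchBase are placeholders for your own values, and the
# suffix is assumed to be a verified custom domain in the Azure AD tenant.
Import-Module ActiveDirectory

$NewSuffix  = 'login.example.com'            # placeholder UPN suffix
$SearchBase = 'OU=Staff,DC=example,DC=com'   # placeholder OU

# An alternate suffix has to be registered in the forest before it is used.
if ((Get-ADForest).UPNSuffixes -notcontains $NewSuffix) {
    Write-Warning "UPN suffix '$NewSuffix' is not registered in this forest."
}

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties mail, proxyAddresses

$report = foreach ($u in $users) {
    # Treat every SMTP address on the account as publicly known.
    $smtp  = $u.proxyAddresses | Where-Object { $_ -like 'smtp:*' } |
             ForEach-Object { $_.Substring(5) }
    $known = @($u.mail) + @($smtp) | Where-Object { $_ }
    $proposed = '{0}@{1}' -f $u.SamAccountName, $NewSuffix

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CurrentUpn     = $u.UserPrincipalName
        UpnIsEmail     = ($known -contains $u.UserPrincipalName)
        ProposedUpn    = $proposed
        # Flag names with unusual characters, or a proposal that is itself
        # one of the account's mail addresses, for manual review.
        NeedsReview    = ($u.SamAccountName -notmatch '^[A-Za-z0-9._-]+$') -or
                         ($known -contains $proposed)
    }
}

$report | Format-Table -AutoSize

# Preview only: -WhatIf prints the change without writing it to the directory.
$report | Where-Object { $_.UpnIsEmail -and -not $_.NeedsReview } |
    ForEach-Object {
        Set-ADUser -Identity $_.SamAccountName `
            -UserPrincipalName $_.ProposedUpn -WhatIf
    }
```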