Ben Owens
Dec 13, 2020, Brass Contributor
Hybrid Azure AD Join with Alternate Login ID (PHS)
Hello, Could somebody clarify whether Hybrid Azure AD Join is supported when using Alternate Login ID? In this scenario I'm using the Mail attribute to sync/represent the UPN in Azure AD. The ...
ChristianBergstrom
Dec 14, 2020, Silver Contributor
Hi, you’re not using the preview?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-use-email-signin
Ben Owens
Dec 14, 2020, Brass Contributor
ChristianBergstrom no.
As I understand there are 3 types of Alternate Login ID....
- Alternate Login ID (Preview) - as you mentioned
- Alternate Login ID with PTA/PHS via AAD Connect login attribute - where you select a different on premises attribute to sync and populate as the UPN in Azure AD (typically Mail)
- Alternate Login ID with Federated Identity - like above but you configure your federated endpoint to support login with alt log ID claim
I'm looking at option 2.
- ChristianBergstrom, Dec 14, 2020, Silver Contributor: Ok. Using Azure AD Connect to achieve this requires setting the email address as the UPN in Azure AD. With the preview you can use the same UPN across on-premises AD and Azure AD to achieve compatibility across the services, while still allowing your users to sign in either with UPN or email. But you don’t want to use the preview?
- Ben Owens, Dec 14, 2020, Brass Contributor: That would not resolve the issue in my scenario. The on premises UPN is not-routable e.g. @contoso.local. As a result, the preview wouldn't provide a solution.
As I understand, this preview is helpful where the UPN is internet routable, but not the same domain suffix as the mail attribute?