Forum Discussion
AzureAD SharePoint SAML integration
Any ideas?
Regards
AR
Hello,
Sorry for the delay.
Firstly, I recommend making sure the following attributes match. This reduces administrative overhead and provides the best user experience.
| Setting | Azure AD Attribute Name |
| --- | --- |
| SIP | ProxyAddresses – denoted with a prefix of uppercase 'SMTP' |
| Primary SMTP (default send from address) | ProxyAddresses – denoted with a prefix 'SIP' |
| WindowsEmailAddress (Exchange), Mail (Graph API) | |
| User Principal Name (AzureAD login name) | UserPrincipalName |
| Alternative ID (** avoid if possible) | |
** I hear you, on-prem Active Directory admins: yes, it's a lot of work, but these changes will save you a world of pain 😊
With reference to your problem, the mail attribute "user.mail" isn't used by Exchange or for sending email, and is often out of date or not set at all. Having said that, Azure AD has some interesting rules which in some cases populate the mail attribute:
https://support.microsoft.com/en-gb/help/3190357/how-the-proxyaddresses-attribute-is-populated-in-azure-ad
Personally, I wouldn’t rely on Azure AD updating synchronised accounts. Please manage the mail attribute using On-Prem AD to avoid ambiguity.
So how does this help me? 😊
Check one of your problematic users using the Graph API explorer; unless you connect to Exchange Online, the mail attribute isn't exposed:
- Login to the graph api explorer - https://developer.microsoft.com/en-us/graph/graph-explorer#
- Paste the following query into the query window and add your user's UPN
- https://graph.microsoft.com/v1.0/users/[UPNHere]
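The check the reply above describes, scripted so it can be run over many users rather than one at a time in Graph Explorer. This is an added example, not code from the thread or from Microsoft. It builds the Graph query for a user (adding a `$select` so `proxyAddresses` is returned, since it is not in the default user projection), then compares `mail`, `userPrincipalName` and the primary `SMTP:` / `SIP:` entries of `proxyAddresses` the way the table above says they should agree. The sample user objects are constructed to look like Graph `user` responses; the case-sensitive treatment of the `SMTP:` prefix (uppercase = primary, lowercase `smtp:` = alias) is an assumption taken from the table.

```python
"""Added example: check that a user's Graph attributes agree with each other.

Assumptions (not from the thread): proxyAddresses prefixes are compared
case-sensitively, so 'SMTP:' is the primary send-from address and 'smtp:'
entries are secondary aliases; 'SIP:' is the SIP address.
"""
from urllib.parse import quote

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users/"
SELECT = "userPrincipalName,mail,proxyAddresses"


def graph_user_url(upn: str) -> str:
    """Graph Explorer query for one user, selecting only the fields we compare.
    $select is required because proxyAddresses is not returned by default."""
    return f"{GRAPH_USERS}{quote(upn, safe='@')}?$select={SELECT}"


def split_proxy_addresses(proxy_addresses):
    """Return (primary_smtp, sip, aliases) from a proxyAddresses collection."""
    primary_smtp, sip, aliases = None, None, []
    for entry in proxy_addresses or []:
        prefix, _, value = entry.partition(":")
        if prefix == "SMTP":          # uppercase: primary send-from address
            primary_smtp = value
        elif prefix == "SIP":
            sip = value
        elif prefix.lower() == "smtp":  # lowercase: secondary alias
            aliases.append(value)
    return primary_smtp, sip, aliases


def check_user(user: dict) -> list[str]:
    """Return a list of mismatches; an empty list means the attributes agree.
    `user` is a Graph user object (a dict parsed from the JSON response)."""
    findings = []
    upn = user.get("userPrincipalName") or ""
    mail = user.get("mail")
    primary_smtp, sip, _ = split_proxy_addresses(user.get("proxyAddresses"))

    if primary_smtp is None:
        findings.append("no primary SMTP (uppercase 'SMTP:') in proxyAddresses")
    if mail is None:
        # The failure mode from the question: mail never populated, so any
        # SAML claim built from user.mail will be empty.
        findings.append("mail attribute is not set")
    elif primary_smtp and mail.lower() != primary_smtp.lower():
        findings.append(f"mail {mail} != primary SMTP {primary_smtp}")
    if primary_smtp and upn.lower() != primary_smtp.lower():
        findings.append(f"UPN {upn} != primary SMTP {primary_smtp}")
    if sip and sip.lower() != upn.lower():
        findings.append(f"SIP {sip} != UPN {upn}")
    return findings


# Constructed sample responses (not real tenant data).
GOOD_USER = {
    "userPrincipalName": "jdoe@contoso.com",
    "mail": "jdoe@contoso.com",
    "proxyAddresses": ["SMTP:jdoe@contoso.com",
                       "smtp:john.doe@contoso.com",
                       "SIP:jdoe@contoso.com"],
}
BAD_USER = {
    "userPrincipalName": "jdoe@contoso.onmicrosoft.com",
    "mail": None,
    "proxyAddresses": ["SMTP:jdoe@contoso.com", "SIP:jdoe@contoso.com"],
}

if __name__ == "__main__":
    for user in (GOOD_USER, BAD_USER):
        upn = user["userPrincipalName"]
        print(graph_user_url(upn))
        for finding in check_user(user) or ["OK"]:
            print(f"  {upn}: {finding}")
```

To run it against a real tenant, fetch `graph_user_url(upn)` with a bearer token (for example via the Graph Explorer or `Invoke-MgGraphRequest`), parse the JSON body, and pass the resulting dict to `check_user`; users that return `"mail": null` are the ones whose on-prem `mail` attribute needs fixing, as the reply recommends.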