Forum Discussion

bradharr123
Nov 22, 2022

Azure Authentication using different username

Hi, 


I'm in an Azure\On-Prem Hybrid setup. I'd like for my users to have a username that is different from their email address. Our users' email addresses are public, so any attacker knows the username by looking at the email. I'm looking for any way to change the username that's used for Azure and AD while keeping the existing email address. Anyone have any suggestions?

3 Replies

  • bradharr123 

    On top of this, I would suggest creating a separate account for admin tasks, for security and segregation reasons, and applying the necessary security protection and monitoring to that account.

  • Yes, you can change the username used for Azure Active Directory (Azure AD) authentication without changing the email address. Here are some suggestions:

    You can create an alternate userPrincipalName attribute for your users in Azure AD. This attribute can be used as the username for authentication purposes, while the email address can still be used for communication purposes. To create the alternate userPrincipalName, you can use Azure AD PowerShell commands or the Azure AD Graph API. Here is a reference article that explains how to create an alternate userPrincipalName: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-create-alternate-upn

    Another option is to use Azure AD Connect to synchronize on-premises AD user accounts with Azure AD. During the synchronization process, you can map a different attribute to the userPrincipalName attribute in Azure AD. For example, you can map the samAccountName attribute to the userPrincipalName attribute. This way, users can use their samAccountName as the username for authentication purposes. Here is a reference article that explains how to configure attribute mapping in Azure AD Connect: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

    Finally, you can use Azure AD B2C to create custom usernames for your users. Azure AD B2C is a cloud-based identity management solution that allows you to customize the user authentication and authorization process. With Azure AD B2C, you can create custom policies that allow users to sign in with a custom username and password, or with a social identity provider such as Facebook or Google. Here is a reference article that explains how to create custom policies in Azure AD B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-get-started

    I hope this helps! Let me know if you have any further questions.
  • You can have different kinds of IDs: one with an email address like [email address removed for privacy reasons] and another that gets created as [email address removed for privacy reasons], or create a username in the on-prem domain controller such as testdomain\abc1.
    Irrespective of which way you follow, sync the user to Azure AD and assign RBAC roles. You can also use Okta or some 3rd-party IdP to manage all these users.
    Hope that helps. Please "Accept as Answer" if it helped so it can help others in the community looking for help on similar topics.
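The second reply's option of mapping samAccountName to the sign-in name can be done on the on-prem side before Azure AD Connect syncs. The script below is an added example, not code from the thread or from Microsoft: it rewrites each user's userPrincipalName to samAccountName@suffix while leaving the mail attribute untouched. It assumes the RSAT ActiveDirectory module, a hypothetical OU in $SearchBase, and a UPN suffix in $UpnSuffix that is registered in the forest and verified in the Azure AD tenant.

```powershell
# Added example (not from the thread): set on-prem UPN to samAccountName@<suffix>
# while leaving the mail attribute untouched. Azure AD Connect then syncs the new UPN.
Import-Module ActiveDirectory

$SearchBase = 'OU=Staff,DC=testdomain,DC=local'   # hypothetical OU
$UpnSuffix  = 'testdomain.com'                     # hypothetical verified UPN suffix
$DryRun     = $true                                # set to $false to apply changes

# Refuse to continue if the suffix is not known to the forest; AD would otherwise
# accept any string, and the synced UPN would not match a verified tenant domain.
$forest = Get-ADForest
$known  = @($forest.UPNSuffixes) + @($forest.Domains)
if ($known -notcontains $UpnSuffix) {
    throw "UPN suffix '$UpnSuffix' is not registered in forest $($forest.Name)."
}

$users = Get-ADUser -Filter { Enabled -eq $true } -SearchBase $SearchBase `
                    -Properties mail, userPrincipalName

foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f $u.SamAccountName, $UpnSuffix
    if ($u.UserPrincipalName -eq $newUpn) { continue }   # already in the desired form

    # Guard: the new login name must differ from the public mail address,
    # which is the whole point of the change.
    if ($u.mail -and ($u.mail -eq $newUpn)) {
        Write-Warning "$($u.SamAccountName): new UPN would equal the mail address; skipping."
        continue
    }

    Write-Host ('{0}: {1} -> {2} (mail stays {3})' -f `
        $u.SamAccountName, $u.UserPrincipalName, $newUpn, $u.mail)
    if (-not $DryRun) {
        Set-ADUser -Identity $u.DistinguishedName -UserPrincipalName $newUpn
    }
}
```

Run it first with $DryRun left at $true to review the planned changes; once applied, users sign in with the new UPN after the next Azure AD Connect sync cycle.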
